  • Root Bridge – Android devices get pwned

      • #196730 Reply
        woody
        Da Boss

        It had to happen sooner or later. Now Kevin Beaumont (@GossiTheDog) reports on DoublePulsar that: Android has a feature called Android Debug Bridge (A
        [See the full post at: Root Bridge – Android devices get pwned]

        5 users thanked author for this post.
      • #196737 Reply
        anonymous
        Guest

        I’m not too surprised.  I should rig something up and go grab a cup of coffee to see what kind of an issue this is.

        • #197107 Reply
          anonymous
          Guest

          Let’s hope it isn’t an android IoT coffee machine, or it looks like you might be having tea instead!

      • #196743 Reply
        anonymous
        Guest

        Quick note, it says on the ADB page that you need to accept a certificate in order to allow ADB connections from specific devices as of 4.2.2 (Jelly Bean, 2013-ish).  It also seems that you need to be in Developer mode now.

        This most likely affects older Android-powered devices, and probably the cheap Chinese devices that aren’t certified to work with Google services.  For consumer devices, consider flashing the ROM or replacing if it can’t run Jelly Bean or newer.

      • #196766 Reply
        MrJimPhelps
        AskWoody_MVP

        I wonder how many Android-powered smart cars have been hacked through this vulnerability?

        https://www.recode.net/2016/11/14/13601444/google-android-auto-automotive-car-tech

        Group "L" (Linux Mint)
        with Windows 8.1 running in a VM
      • #196770 Reply
        anonymous
        Guest

        Pretty easy to check the phone.
        Enable DEV mode.
        Ensure USB Debugging is not enabled.
        As an extra step, revoke authorization for computers previously connected. In case someone had a prior connection.

        Thanks for the info!
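
The checks listed in the post above can also be read off a device you own over a USB debugging session. This is an added example, not part of the original thread: it parses the output of `adb shell getprop` (and, optionally, `adb shell settings get global adb_enabled`) and flags the settings discussed here. The sample output is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `adb shell getprop` output (illustrative values only).
SAMPLE_GETPROP = """\
[ro.build.version.sdk]: [21]
[ro.adb.secure]: [0]
[persist.sys.usb.config]: [mtp,adb]
[service.adb.tcp.port]: [5555]
"""

PROP_LINE = re.compile(r"^\[([^\]]+)\]:\s*\[(.*)\]$")


def parse_getprop(text):
    """Turn '[key]: [value]' lines into a dict, ignoring anything else."""
    props = {}
    for line in text.splitlines():
        match = PROP_LINE.match(line.strip())
        if match:
            props[match.group(1)] = match.group(2)
    return props


def audit_adb(props, adb_enabled=None):
    """Return findings; adb_enabled is `settings get global adb_enabled` output."""
    findings = []
    for key in ("service.adb.tcp.port", "persist.adb.tcp.port"):
        port = props.get(key, "")
        if port.isdigit() and int(port) > 0:
            findings.append(f"adbd is set to listen on TCP port {port} ({key})")
    if "adb" in props.get("persist.sys.usb.config", "").split(","):
        findings.append("USB debugging is in the persistent USB configuration")
    if (adb_enabled or "").strip() == "1":
        findings.append("USB debugging is switched on in Developer options")
    if props.get("ro.adb.secure") == "0":
        findings.append("ro.adb.secure=0: no per-computer authorization prompt")
    sdk = props.get("ro.build.version.sdk", "")
    if sdk.isdigit() and int(sdk) < 17:
        findings.append("API level below 17: predates the 4.2.2 authorization prompt")
    return findings


if __name__ == "__main__":
    for finding in audit_adb(parse_getprop(SAMPLE_GETPROP), adb_enabled="1"):
        print("WARN:", finding)
```

An empty result means none of the flagged settings were found in the supplied output; it does not cover other ways a vendor build might start the ADB daemon.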

      • #196777 Reply
        Jan K.
        AskWoody Lounger

        Meh… what’s the problem?

        When I power on my Android device, it phones home to the mothership and often gets updates.

        Surely Google has long since patched this?

      • #196779 Reply
        anonymous
        Guest

        Related news article from Feb 2018 …
        https://arstechnica.com/information-technology/2018/02/out-of-nowhere-currency-mining-botnet-infects-5000-android-devices/?comments=1

        I think most Android smartphones are not affected since ADB is disabled by default.

        Also, … http://www.tinmith.net/wayne/blog/2015/11/android-remote-adb.htm

      • #196806 Reply
        anonymous
        Guest

        Seems to be a China regional spying exploit. But if your device can receive updates remotely, then it is probably able to be exploited.

        There are backdoors out there and that is a given, and system updates would be an access point.

      • #196841 Reply
        Microfix
        AskWoody MVP

        IIRC Android phones used to come with ‘Dev mode’ and ‘USB Debugging’ disabled by default, otherwise the phone warranty was affected. When did this all change with Google Android?

        I still use my Nokia mobile ‘dumb phone’. Great battery life and small enough to forget I have it in my pocket at times.

        Win7 Pro x86/x64 | Win8.1 Pro x64 | Linux Hybrids x86/x64 |
        1 user thanked author for this post.
        • #196978 Reply
          mindwarp
          AskWoody Lounger

          Dev mode doesn’t affect warranty status. I generally turn it and USB debugging on on my devices to use ADB to back up my nonrooted devices to my computer, when I’ve done major updates or had to replace a device (that backs up more for me than the inbuilt backup to Google Drive ever has).

          1 user thanked author for this post.
          • #196999 Reply
            anonymous
            Guest

            @mindwarp

            Android’s ADB is automatically disabled or turned off when not in use, e.g. after the USB adapter cord has been unplugged.

            ADB disabled is the default setting.

            Previously reported malware infection of Android devices via ADB was by connecting Android smartphones to malware-infested computers, power banks and other USB devices.
            ADB is not vulnerable per se.

            • #197133 Reply
              mindwarp
              AskWoody Lounger

              You do still have to enable USB debugging on the Android device to run ADB on a computer to back up a device, which means enabling Dev Mode. That ties into the original comment, about doing so invalidating warranties, which it doesn’t. You’re not rooted just by doing that, after all. I did disable USB debugging and revoked certificates on my devices, and I’ll just have to remember to reenable it the next time I need to do a full-scale backup like that.

              1 user thanked author for this post.
      • #196842 Reply
        anonymous
        Guest

        Unfortunately, vendors have been shipping products with Android Debug Bridge enabled. It listens on port 5555, and enables anybody to connect over the internet to a device.

        During research for this article, we’ve found everything from fuel tankers in the US to DVRs in Hong Kong to mobile telephones in South Korea.

        Sounds like the source of the problem is rogue vendors in China/East Asia, and not a vulnerability in Android = avoid buying no-name Android devices from China/East Asia.

        About vulnerable DVRs in HK …
        https://www.androidcentral.com/android-70-brings-better-dvr-features-and-picture-picture-android-tv

      • #196865 Reply
        anonymous
        Guest

        I wonder if the dangers inherent in the “everything is always connected” mindset will ever be recognized.

        1 user thanked author for this post.
      • #196977 Reply
        mindwarp
        AskWoody Lounger

        Meh… what’s the problem?

        When I power on my Android device, it phones home to the mothership and often gets updates.

        Surely Google has long since patched this?

        Besides, even if Google had already patched it, of which there is no mention, that doesn’t mean Android OEMs have. Remember, that’s the current problem with the Android ecosystem – after Google comes up with a new build, then manufacturers have to come up with their own variants for each currently supported device, and THEN the ISPs have THEIR turn if a device is specifically locked to a carrier. Also, depending on how far back this issue goes, many affected devices may never be patched.

        1 user thanked author for this post.
        • #197001 Reply
          anonymous
          Guest

          Certain things still require operating system updates. Operating system-level features and support for new hardware standards can’t be rolled out in the background. They require new versions of the core operating system.

          However, these updates are becoming less and less significant. Google is rolling out as many new features as possible via Play Services updates and app updates. They’re splitting out more and more apps from the Android operating system, making them available in Google Play so every device can update to them.

          The reality is that Android updates are becoming less and less significant. If you have a device with Marshmallow (Android 6.0) or above, you still have a very modern Android experience with most of the latest features. You can still use all the latest apps because Google has given your device access to most of the latest APIs.

          https://www.howtogeek.com/179638/not-getting-android-os-updates-heres-how-google-is-updating-your-device-anyway/

        • #197036 Reply
          Jan K.
          AskWoody Lounger

          Thanks for the feedback!

          I use an Acer A3-A30 tablet and do get updates from Google.
          Since everything Google Play is deactivated, I can only assume updates are for system?

          But really surprised to learn not all devices’ systems are directly under Google’s protection.

          • #197046 Reply
            anonymous
            Guest

            I use an Acer A3-A30 tablet and do get updates from Google.
            Since everything Google Play is deactivated, I can only assume updates are for system?

            Yes, the updates you’ve been getting directly from Google have been for the OS only, NOT the apps. Even with a fully updated OS, it’s still quite possible to get infected by a piece of crapware through a vulnerable program that hasn’t been updated.

            Time to re-enable your Google Play services and Google Play Store so you can get updates for the apps in the store you may have on your tablet, such as Firefox or Chrome browser and whatever security application you may have, such as Lookout, for example. Those apps don’t get updated by Google when a security or other update for the OS is released.

            Security apps should go out on their own and get their own definition or signature updates  without the help of the Google Play store, but they won’t update themselves if there’s a program update or bug fix. Those get pushed out via the Google Play Store almost exclusively.

            So, having a vulnerable browser will only get remedied by getting the revised browser version from the Google Play store. Same goes for whatever security/anti-crapware solution you have…the program updates only come through the Google Play store.

            3 users thanked author for this post.
            • #197272 Reply
              Jan K.
              AskWoody Lounger

              Thanks.

              I’m doomed! 😀

              Android is indeed version 5. Don’t have any apps from the store and my Chrome browser has been rolled way back to the very old 57.02 version (last one with a decent bookmark handler…).

              So my only defence is the updates Google makes and my AdGuard filter (getting updates directly from them, not Google)…

              Well, it’ll have to do! Nobody can really do anything with this tablet as it’s after all only a gadget for browsing a.o. non-important stuff.

          • #197140 Reply
            mindwarp
            AskWoody Lounger

            I just looked up your device. What was posted below about you getting updates for your OS as a whole from Google is incorrect. Check your settings – you should still be running Android 5.0 Lollipop, as Acer never released an upgrade to Android 6.0 Marshmallow for your device. Manufacturers vary widely on how long they support Android devices – the more you pay, the more likely you’ll get upgrades to two major versions, but that’s in the best case scenario – and Android comes out with a new major version every year. You are getting updates to Google apps via Play Services most likely, and that part from the quoted article will then somewhat apply, but the only devices that get Android updates directly from Google are Google devices (Nexus, Pixel, Android One).

            Edit: part of why this is the case, IIRC, has to do with hardware. OEMs, including Google, have to test each build to make sure it works with their specific configurations. The OEMs and carriers then also test it with any preinstalled software. Bugs still get through, mind you, but that’s why there’s this weirdness. That’s also why they drop support, though, since OEMs and carriers have so many devices…

            1 user thanked author for this post.