Improperly Deployed ADB Exploited By Android Hackers


A number of Android devices worldwide are apparently shipping with the Android Debug Bridge (ADB) constantly listening for network connections on TCP port 5555, and hackers are already catching on and forcing unwitting devices to mine cryptocurrency for them. Because these devices are accessed through ADB, an attacker can run whatever commands they want, and if a root exploit exists for a given device, they can use it. In practical terms, every device reachable this way is in very real danger of being remotely rooted, which brings its own set of problems, and of being made to do just about anything for the attackers, up to and including changes to its system code.

Android Debug Bridge normally has to be enabled by the user first, from the device's Developer Settings. These devices, however, are shipping not only with USB debugging enabled but with ADB over the network enabled as well. To be clear, this is not how ADB is supposed to be deployed. It lets anybody scan for open connections on port 5555 and send each open port they find a set of ADB instructions. Devices with ADB exposed will obey; anything else simply returns an error and carries on as normal. Affected devices are found worldwide, but are concentrated in China.

To check for affected devices on your network, you can manually scan it for hosts listening on port 5555; the method and tools for doing so differ vastly depending on the device and OS you are using. If you find that you own an affected Android device and you can get into its Settings menu, go into About Device (or the equivalent subheading), find the Build Number and tap it seven times to enable Developer Settings. Go into the new menu and disable ADB there to block the exploit.
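The scan described above can be made more reliable than a bare port check by completing the first step of the ADB wire protocol: send a CNXN message and see whether the host answers with an ADB header. The following is an added example written for this article, not code from the original post or from Android; it assumes the ADB header layout documented in AOSP's adb/protocol.txt and is meant to be pointed only at address ranges you administer (the 192.168.1.0/24 in the usage comment is a constructed placeholder).

```python
import ipaddress
import socket
import struct
# ADB header (AOSP adb/protocol.txt): six little-endian uint32s
# {command, arg0, arg1, data_length, data_check, magic}, magic = command ^ 0xFFFFFFFF
A_CNXN = 0x4E584E43   # "CNXN": connect request, or an unauthenticated accept
A_AUTH = 0x48545541   # "AUTH": device demands RSA key authentication first
A_VERSION = 0x01000000
MAX_PAYLOAD = 4096
HEADER = struct.Struct("<6I")

def build_message(command, arg0, arg1, payload=b""):
    # data_check is the plain byte sum of the payload, masked to 32 bits
    return HEADER.pack(command, arg0, arg1, len(payload),
                       sum(payload) & 0xFFFFFFFF, command ^ 0xFFFFFFFF) + payload

def parse_header(raw):
    # Header fields as a dict, or None when the magic does not match (not ADB)
    if len(raw) < HEADER.size:
        return None
    command, arg0, arg1, length, check, magic = HEADER.unpack_from(raw)
    if magic != command ^ 0xFFFFFFFF:
        return None
    return {"command": command, "arg0": arg0, "arg1": arg1,
            "data_length": length, "data_check": check}

def classify_response(raw):
    # Map the device's first reply to a status a defender can act on
    hdr = parse_header(raw)
    if hdr is None:
        return "not-adb"
    if hdr["command"] == A_CNXN:
        return "adb-open-no-auth"    # shell reachable with no key prompt: worst case
    if hdr["command"] == A_AUTH:
        return "adb-auth-required"   # still exposed, but gated by RSA key approval
    return "adb-unexpected"

def probe_host(host, port=5555, timeout=2.0):
    # Send one CNXN and read back one header; 'closed' covers refused, unreachable and silent hosts
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_message(A_CNXN, A_VERSION, MAX_PAYLOAD, b"host::\x00"))
            return classify_response(sock.makefile("rb").read(HEADER.size))
    except OSError:
        return "closed"

def scan_subnet(cidr, port=5555):
    # Probe every host in a range you administer; keep only hosts that answered
    hosts = ipaddress.ip_network(cidr, strict=False).hosts()   # e.g. "192.168.1.0/24" (constructed)
    results = {str(a): probe_host(str(a), port) for a in hosts}
    return {h: s for h, s in results.items() if s != "closed"}
```

A host reported as adb-open-no-auth is the case the article describes: anyone on the network gets a shell without a key prompt, so it should be taken off the network and have debugging disabled as above.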

Attacks through ADB are uncommon, since the interface is normally under the sole control of the device's owner. Cryptocurrency mining attacks, however, are far more common, and can be carried out in a number of ways that do not all require such deep access to the victim's device: drive-by web pages carrying mining JavaScript, code embedded in ads on otherwise legitimate pages, and hidden code in seemingly benign apps, to name a few.


Copyright ©2018 Android Headlines. All Rights Reserved.

Senior Staff Writer

Daniel has been writing for Android Headlines since 2015, and is one of the site's Senior Staff Writers. He has been living the Android life since 2010, and has been interested in technology of all sorts since childhood. His personal, educational and professional backgrounds in computer science, gaming, literature, and music leave him uniquely equipped to handle a wide range of news topics for the site, including machine learning, voice assistants, and AI technology development news in the Android world. Contact him at [email protected]