Skybird
06-09-18, 05:09 AM
I place this here, not in the PC forum. Its a real bummer and should raise a big awareness, me thinks.
https://doublepulsar.com/root-bridge-how-thousands-of-internet-connected-android-devices-now-have-no-security-and-are-b46a68cb0f20
Android has a feature called Android Debug Bridge (https://developer.android.com/studio/command-line/adb) (ADB for short) which allows developers to communicate with a device remotely, to execute commands and fully control the device.“The adb command facilitates a variety of device actions, such as installing and debugging apps, and it provides access to a Unix shell that you can use to run a variety of commands on a device.” — Android’s developer portalIt is completely unauthenticated, meaning anybody can connect to a device running ADB to execute commands. However, to enable it — in theory — you have to physically connect to a device using USB and first enable the Debug Bridge.
Unfortunately, vendors have been shipping products with Android Debug Bridge enabled. It listens on port 5555, and enables anybody to connect over the internet to a device.
During research for this article, we’ve found everything from fuel tankers in the US to DVRs in Hong Kong to mobile telephones in South Korea.
This is highly problematic as it allows anybody — without any password — to remotely access these devices as ‘root’* — the administrator mode — and then silently install software and execute malicious functions.
Worse and worse and worse in the computerverse.
https://doublepulsar.com/root-bridge-how-thousands-of-internet-connected-android-devices-now-have-no-security-and-are-b46a68cb0f20
Android has a feature called Android Debug Bridge (https://developer.android.com/studio/command-line/adb) (ADB for short) which allows developers to communicate with a device remotely, to execute commands and fully control the device.“The adb command facilitates a variety of device actions, such as installing and debugging apps, and it provides access to a Unix shell that you can use to run a variety of commands on a device.” — Android’s developer portalIt is completely unauthenticated, meaning anybody can connect to a device running ADB to execute commands. However, to enable it — in theory — you have to physically connect to a device using USB and first enable the Debug Bridge.
Unfortunately, vendors have been shipping products with Android Debug Bridge enabled. It listens on port 5555, and enables anybody to connect over the internet to a device.
During research for this article, we’ve found everything from fuel tankers in the US to DVRs in Hong Kong to mobile telephones in South Korea.
This is highly problematic as it allows anybody — without any password — to remotely access these devices as ‘root’* — the administrator mode — and then silently install software and execute malicious functions.
Worse and worse and worse in the computerverse.