
Fee-Fi-Fo-Fum - Android ADB Wars

So do I understand correctly that those 2 botnets can connect only if I have ADB enabled (USB debugging) over WiFi? Or strictly the USB debugging option left on?
 
Logically if you only have ADB over USB they would need to infect via your USB connection, which requires access to the computer you are connected to at the time. So although the article doesn't say, I think that it has to be if you have enabled ADB over WiFi.
 
So do I understand correctly that those 2 botnets can connect only if I have ADB enabled (USB debugging) over WiFi? Or strictly the USB debugging option left on?

From my understanding it's both but mainly through USB debugging when left open.
 
I really hate the sensationalism over at ZDNet.

I just verified that AT&T does not leave ports open or port forward port 5555 over their mobile network and my home and work networks certainly don't, either. So how exactly is a bot supposed to find my phone? Maybe briefly using misconfigured public WiFi? Magic? And since SELinux has been part of Android (5.x and higher) you need to authorize devices that connect via ADB.

So, while technically, ADB does leave port 5555 open and listening with debug mode enabled, having a bot able to take control will be a lot more difficult. If you read the article, it also states that most affected devices are Android TV boxes which are cheaply made without security in mind. Many times they are running older versions of Android and come rooted out of the box.

The virtual sky is falling!!!
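
An added example, not part of any post in this thread: one way to tell from a computer whether a USB-attached device has only USB debugging on or is also listening for ADB over the network. It covers the classic `adb tcpip` mode only; the function names are made up for this example and the sample values are constructed, not read from a real device.

```shell
#!/bin/sh
# classify_adb <adb_enabled> <service.adb.tcp.port> <persist.adb.tcp.port>
# Prints: off | usb-only | tcp:<port>
classify_adb() {
  if [ "$1" != "1" ]; then
    echo "off"            # USB debugging is disabled, adbd is not running
    return
  fi
  # A positive port in either property means adbd also listens on TCP
  # (service.* is set by "adb tcpip <port>", persist.* survives reboots).
  for adb_port in "$2" "$3"; do
    case "$adb_port" in
      ''|0|*[!0-9]*) ;;   # unset, zero, negative or non-numeric: no TCP listener
      *) echo "tcp:$adb_port"; return ;;
    esac
  done
  echo "usb-only"
}

# Reads the three values from the device attached over USB (needs the adb tool).
audit_device() {
  adb_on=$(adb shell settings get global adb_enabled | tr -d '\r')
  svc=$(adb shell getprop service.adb.tcp.port | tr -d '\r')
  per=$(adb shell getprop persist.adb.tcp.port | tr -d '\r')
  classify_adb "$adb_on" "$svc" "$per"
}

# Constructed sample values showing the three states discussed in the thread.
echo "debugging off:        $(classify_adb 0 '' '')"
echo "USB debugging only:   $(classify_adb 1 '' '')"
echo "after adb tcpip 5555: $(classify_adb 1 5555 '')"
echo "persisted TCP port:   $(classify_adb 1 0 5555)"
```

With a device attached, `audit_device` prints its state; if it reports `tcp:<port>`, running `adb usb` switches adbd back to USB only.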
 
I really hate the sensationalism over at ZDNet.

I just verified that AT&T does not leave ports open or port forward port 5555 over their mobile network and my home and work networks certainly don't, either. So how exactly is a bot supposed to find my phone? Maybe briefly using misconfigured public WiFi? Magic? And since SELinux has been part of Android (5.x and higher) you need to authorize devices that connect via ADB.

So, while technically, ADB does leave port 5555 open and listening with debug mode enabled, having a bot able to take control will be a lot more difficult. If you read the article, it also states that most affected devices are Android TV boxes which are cheaply made without security in mind. Many times they are running older versions of Android and come rooted out of the box.

The virtual sky is falling!!!

That may be so, but I take AT&T technical support personnel's information with a grain of salt. They couldn't even give information on how to connect a different device from a previous owner because the person didn't know their Google account information to activate the phone. So I took it upon myself to help the person by having them create a new Google account to get the device started. I didn't want to argue with one of those overpaid AT&T technicians when I had to end up doing their job in getting a device activated for one of their customers. The customer told me "you should have had that job" because he was totally clueless on what he was talking about, and then maybe across the board for any other information that they choose to want to share with people.

In hindsight I did want to tell the customer I am somewhat of an Android expert :rolleyes:
 
That may be so, but I take AT&T technical support personnel's information with a grain of salt.

When I said "verified" I didn't mean I confirmed it with an AT&T employee. I tested it myself from several different endpoints, and even opened port 5555 briefly on my own firewall to see if I could indeed connect to any device. Nopity nope nope.

Like many of these black hat warnings, it's based in truth, and the potential is there and even with proof of concept, the reality is that they are crying wolf when they see a hedgehog. Granted, a low tech home user may have a poor router configuration with the firewall passing traffic on all open ports, but I would guess that those smart enough to enable debugging would also have a better home network setup.
 
So basically the mark would really need to go out of their way to get infected by this? Like turning on ADB and debugging from the device's developer menu, which is usually hidden, and having port 5555 forwarded as well via the carrier.
 
When I said "verified" I didn't mean I confirmed it with an AT&T employee. I tested it myself from several different endpoints, and even opened port 5555 briefly on my own firewall to see if I could indeed connect to any device. Nopity nope nope.

Like many of these black hat warnings, it's based in truth, and the potential is there and even with proof of concept, the reality is that they are crying wolf when they see a hedgehog. Granted, a low tech home user may have a poor router configuration with the firewall passing traffic on all open ports, but I would guess that those smart enough to enable debugging would also have a better home network setup.

I got your point, I've seen people that have seen a mouse but call it a rat. But the fact still remains that there may be an imminent threat about whatever the article is stating somewhere out there in the cyber world for Android devices.
 