Thousands of Android Devices Shipped with their Debug Port Exposed
1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 4.00 out of 5)

Thousands of Android Devices Shipped with their Debug Port Exposed

The issue dates back to February, but appeared again last week

An old Android bug, ADB.Miner, which was originally spotted by Qihoo360 Netlab back in February is finding new life thanks to a vendor oversight.

The bug, or more specifically, the worm is a cryptocurrency miner that takes advantage of the Android Debug Bridge (ADB), a baked-in feature that allows the vendor to troubleshoot faulty devices.

Typically, on Android devices the ADB feature is disabled by default, meaning that a user would have to manually connect it during a USB connection. The problem is that some vendors are shipping Android devices with the feature still turned on.

What complicates this even more is that the ADB also supports WiFi connections, which means that many device owners may not even realize it but their phone is completely accessible to remote connections made via the ADB interface, which is typically accessible via TCP port 5555.

It gets better, because ADB is a troubleshooting mechanism it grants access to some pretty powerful tools, including a Unix shell.

This is how the original worm, ADB.Miner, originally spread back in February. It would gain access to a device via ADB, use the Unix shell to install the miner and then scan for new devices to infect.

Last week, in a post on Medium, researcher Kevin Beaumont reminded everyone about the original issue while warning that thousands of devices are currently exposed online, with the highest concentration in China.

Android ADB

In terms of raw numbers I can see nearly ten thousand unique IP addresses scanning in any 24 hour window, and over a hundred thousand IP addresses scanning each 30 days. It is worth keeping in mind that because of Network Address Translation and dynamic IP reservations it is difficult to know the exact number of devices. But it is safe to say: “a lot”.

That’s not good, and the average internet user isn’t going to know how to check whether their Debug port is exposed. Fortunately, we can help with that.

How to turn off Android Debug Bridge

You’re going to need to go into the developer tools and make sure that you’ve got ADB toggled off. Here’s how you do it. For Android 4.2 and beyond, the Developer Tools are hidden, here’s how to make them viewable.

  1. Go to Settings
  2. Select About phone
  3. Tap the Build Number seven times
  4. Return to the previous screen, Developer Tools should display at the bottom.

I realize that sounds like some crazy cheat code video game stuff, but read the source material if you don’t believe me.

Ok, now that you can view Developer Tools, here’s what you need to do:

  1. Select Developer Options
  2. Make sure that USB debugging is disabled

Boom. Done. Much like your fly, it is unbecoming to leave your Debug port open. Now you can make sure you haven’t.


Patrick Nohe

Patrick started his career as a beat reporter and columnist for the Miami Herald before moving into the cybersecurity industry a few years ago. Patrick covers encryption, hashing, browser UI/UX and general cyber security in a way that’s relatable for everyone.