Mass Hacking Android Phones

Slack Group

Before we get started I have started a new slack group dedicated to hacking. We welcome everyone from beginner to advanced to join. I will be on everyday answer questions, doing CTFs, and talking about cool hacks. If you enjoy hacking and are looking for like minded people join below:

NEW Hacking Group Slack Channel

Notice

ALL TESTS WERE PERFORMED ON MY OWN DEVICES

I HAVE NOT AND WILL NOT USE THIS KNOWLEDGE TO HACK OTHER PEOPLES DEVICES

Introduction

Its January 13th, 2019 and for some reason im thinking about mass hacking phones, so naturally I turn to the internet to see what I can discover. I noticed one particular article that talked about how a worm is exploiting Android Debug Bridge to hack thousands of Android phones(Android Hacking Article ).

Iv never heard of the Android Debug Bridge but apparently certain phone manufactures like to enable it and expose peoples devices to the world.

Technical Details

Intro

Android Debug Bridge(ADB) is a versatile command-line tool that lets you communicate with a device. The adb command facilitates a variety of device actions, such as installing and debugging apps, and it provides access to a Unix shell that you can use to run a variety of commands on a device.

So basically what that means is that we connect to ADB and we get a shell. This might sound like telnet or SSH and it kind of is, except you don’t need a password to connect to the device. Yes thats right you simply connect to the device unauthenticated and get a shell back. This normally isnt an issue because ADB is not meant to be accessible over wifi, developers are suppose to connect to the device over a USB. However, there is an option to open port 555 to connect to the device over wifi. Of course manufactures are enabling this feature for debugging purposes but they are forgetting to disable it leaving your device open to malicious hackers. More information about ADB can be found below:

• https://developer.android.com/studio/command-line/adb
• https://www.howtogeek.com/125769/how-to-install-and-use-abd-the-android-debug-bridge-utility/

Recon

Searching on Shodan we can find plenty of devices that expose the Android Debug Bridge ,25,507 to be exact. As you can tell the vast majority of these devices can be found in Asia with Taiwan, Korea, and China being impacted the most.

Shodan ADB resultsNot all of these devices are phones, for example I managed to find some amazon firestick devices as well. These are used to control your TV and with the recent Chromecast hack im not surprised to see these.

The Attack

This attack is really basic to pull off. All you need to do is connect to the device over the ADB port. If your on linux you can download ADB by typing:

• apt-get install adb

Now that you have downloaded and installed ADB you can connect to the device by issuing the following command:

• adb connect device_ip_address

Once connected to the device you can do anything you want by issuing the SHELL command as shown below:

• adb shell <YOUR COMMAND>

Thats it, you literally just connect to the device and you can feed it shell commands. This is equivalent to having SSH without a password. The fact that these phones are being shipped like this my default is very scary. The vast majority of these users have no idea that their phone is open to any one. A malicious actor could easily hack all of these devices to install malware. They could read your text messages, listen to your phone calls, ransomware your device and much more.

Conclusion

With all the government surveillance it is really sad to see how easy it would be for them to install malware on your phone and watch your every thought and movement. Phone manufactures are shipping these vulnerable devices to customers and exposing their device to the world. There is no reason for phone manufactures to enable ADB over wifi, especially if you cant remember turn it off. The fact that this takes zero technical skill to pull of is what makes it so devastating. The attack is so easy a cave man can do it.