(In)Secure Android Debugging: Security analysis and lessons learned

Krzysztof Opasiak, Wojciech Mazurczyk

Abstract

Universal Serial Bus (USB) is currently one of the most popular standards that controls communication between personal computers (PCs) and their peripheral devices. Thus, it is important to establish whether such connections are properly secured, especially when USB is used to connect devices like smartphones, tablets, etc., where sensitive user data can potentially be stored. For this reason, this paper evaluates the security of recent Android versions with respect to USB-related attacks. In particular, we present a novel approach to compromise Android-based devices by exploiting the Android Debug Bridge (ADB) protocol using Man in the Middle (MitM) attacks. Comprehensive analysis of those types of attacks has revealed five novel security vulnerabilities in the Android OS. Security gaps found in this paper can be used not only to bypass the lock screen security and to gain unauthorized access to the user’s private data but also to enable future ADB attacks by incorporating a backdoor to bypass phone security at any time. We also developed a tool which exploits all discovered vulnerabilities and can serve as a security means to assess current ADB implementations as well as future protocol improvements. By disclosing new security weaknesses we want to raise the security awareness of users, researchers, security professionals, and developers with regard to USB-related attacks and to the threat they pose not only to PCs but also to USB devices.
Authors: Krzysztof Opasiak (FEIT / IT), The Institute of Telecommunications; Wojciech Mazurczyk (FEIT / IT), The Institute of Telecommunications
Journal series: Computers & Security, ISSN 0167-4048 (A 30 points)
Issue year: 2019
Vol: 82
No: May 2019
Pages: 80-98
Publication size in sheets: 0.9
Keywords in English: Mobile security, Android, USB, ADB, MITM
ASJC Classification: 3308 Law; 1700 General Computer Science
DOI: 10.1016/j.cose.2018.12.010
Language: en (English)
File: 2019 Opasiak Mazurczyk (In)SecureAndroid ebugging.pdf (3.61 MB)
Score (nominal): 30
Score: Ministerial score = 30.0, 29-04-2019, ArticleFromJournal
Ministerial score (2013-2016) = 30.0, 11-03-2019, ArticleFromJournal
Publication indicators: WoS Citations = 0; Scopus Citations = 0; Scopus SNIP (Source Normalised Impact per Paper): 2016 = 2.217; WoS Impact Factor: 2017 = 2.65 (2) - 2017=2.862 (5)