Exploiting Android through ADB

Hello everybody!!

Today I bring you a very interesting topic.

Anyone who has developed a bit in Android, will know that there is a tool called Android Debug Bridge (ADB) which is very useful when we are developing on Android. This tool is installed on PC and serves as a bridge or connection between our Android and the PC, making us have a command window to work directly on our smartphone.

To connect our Android to the PC we can do it in two ways; by USB or by (and here comes the interesting thing) TCP. I will show you a very interesting tool in which you can exploit various functionalities.

To start configuring our Android, we will have to follow a series of steps (which may vary slightly from one smartphone to another). Therefore, we will have to go to Settings -> About the phone and once there, look for where it says “Compilation number” and press 7 times in a row. Done this you will see something similar to the following image.

Activando opciones de desarrollo.

You are now a developer! 😉

Now, we will only have to go Settings -> Developer options and search the option “USB Debugging“; We must activate this option. In case we have given an emergent message confirming, we confirm.

Activando depuración USB.

Ready, we will have our Android ready to play.

We go to the PC, because we will have to install the ADB tool.

For this step, we can go to the official Android page and we should download the SDK Platform-Tools for our OS. Since the ADB is integrated into the Platform-Tools (along with other utilities) we will have to download the package. In the rest of Linux, I do not know if ADB (or Platform-Tools) is uploaded in the Linux repository, but if you are in Kali, just do:

 # apt-get install adb

You can install the tool easily and quickly.

Perfect, we have the PC and our Android ready; let’s connect them with USB.

Now we just have to ask ADB which devices are connected.

Dispositivos conectados.

As you can see, it has recognized our Android connected, but it has no authorization to do anything. At that moment, a confirmation will appear to allow access to our Android.

Dispositivos conectados.

After accepting, checking the option to always allow your PC (the message will not appear again every time we want to do something), if we ask ADB again for the connected devices, our Android will appear again, but now it will appear asdevice” instead of “unauthorized“.

Next, we will enable the option to debug via TCP.

Habilitar depuración TCP.

Once TCP debugging is enabled on port 5555 (by default), we can remove the USB cable.

To be able to connect with our Android, now, it is necessary that our Android has an internet connection, in my case, having it connected to WiFi, the associated IP is 192.168.1.37. (At this time there would also appear a request for permissions on the Android, if we remembered it, it will not appear).

Now we are going to use a Zucccs tool called PhoneSploit that will allow us to have an abstraction layer with our Android, where we can make interesting actions.

PhoneSploit.

To connect to our Android, just use the options it shows.

PhoneSploit connection.

Once connected, we can use a lot of options to our diposition, for example launch the shell to interact with our Android.

PhoneSploit shell.

Also with the Shell, you could access the files of the SD, photos and videos from the camera, and even WhatsApp, in short in many sites. It is true that we have not root privileges, it would be more difficult to access restricted sites, but there are many things that can be done without being root.

In addition with PhoneSploit, for example, a screenshot will be made!

PhoneSploit captura.
Captura.

As you can see, there are more options; like record the screen, install applications and so on. For example, with applications an attacker could install a malicious app, banking type for example.

We could keep choosing options, but I’ll let you try it!

Now that you know the things that can be done, you can think, can an attacker make a capture of my mobile and I do not realize? Can an attacker do all that with my Android?

Well it is a sensitive issue, the truth is that yes and no. Everything mainly falls on whether you have granted permission to the PC, otherwise, you could not. But of course, have you ever thought about when you bought a second-hand mobile (if you have done so) if it already comes with developer options enabled and even with USB debugging? 😉

Without thinking that, there are products (mostly Chinese) type SmartBox TV that comes with debugging by TCP enabled by default. Yes, the SmartBox too.

In fact, if we look at Shodan and search for “Android Debug Bridge

Shodan ADB.

Almost 13000 Android devices that Shodan have found with debugging by TCP enabled, and you just have to take a quick look to see that there are all kinds, I would even dare that there are even Smart TVs!

You can say, ok, but you have to accept the request for permission to pair the PC with the Android, yes, but of almost 13000 devices, would they all deny access? Who has not accepted a message without reading it? By statistics there will be enough! Not to say that an attacker could “bomb” requests and not stop until it is accepted.

Will any of these Android devices, your device?

I hope I have explained myself clearly and that you liked it. If you want me to continue commenting on ADB & Android, you just have to tell me and I will continue to do more of this kind a little more complex / interesting at the technical level. I know that this post has not been very technical but you have to vary too.

PS: I also remind you that the Allhacked including its posts (including this one), are also available in Spanish.

See you in the next post! 😉

Happy Hacking!

15 thoughts on “Exploiting Android through ADB

Leave a Reply

Your email address will not be published. Required fields are marked *