Android Debugging Port Left Open Leaving Devices Vulnerable
According to security researcher Kevin Beaumont, Android devices are being shipped by some vendors with the Android Debug Bridge (ADB) over Wi-Fi feature enabled, leaving the device vulnerable to remote connections via TCP port 5555. In February of this year, researchers at Qihoo 360 Netlab discovered that threat actors were exploiting a vulnerability in the ADB debugging port to install the cryptocurrency miner ADB.Miner on vulnerable Android devices. After the device is infected, it scans for additional devices with port 5555 open in order to spread the infection. Additionally, a Metasploit module is available to automate the process of exploiting vulnerable Android devices via port 5555, making it easier for less-sophisticated threat actors to take control of these devices. The NJCCIC recommends all users of Android devices review Kevin Beaumont’s blog post for more information on this vulnerability and ensure they do not have ADB over Wi-Fi enabled on their devices.
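The two behaviours described above, a device reachable from outside on TCP port 5555 and an infected device probing other hosts on the same port, can both be looked for in network flow or firewall logs. The following is an added example, not code from the NJCCIC, Kevin Beaumont or Qihoo 360 Netlab; the log format, the RFC 1918 definition of "internal" and the fan-out threshold are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

ADB_TCP_PORT = 5555     # ADB over Wi-Fi port named in the advisory
FANOUT_THRESHOLD = 3    # assumed tuning value: distinct peers tried before alerting
# Assumption: "internal" means RFC 1918 space; replace with your own ranges.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records in an assumed format: "epoch src dst dport action"
SAMPLE_FLOWS = """\
1528800000 198.51.100.7 10.0.0.21 5555 ALLOW
1528800005 10.0.0.21 10.0.0.30 5555 ALLOW
1528800006 10.0.0.21 10.0.0.31 5555 DENY
1528800007 10.0.0.21 203.0.113.9 5555 ALLOW
1528800008 10.0.0.40 10.0.0.41 443 ALLOW
1528800009 10.0.0.50 10.0.0.21 5555 ALLOW
this line is malformed and must be skipped
"""

def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)

def parse_flows(text):
    """Yield (src, dst, dport, action); skip lines that do not parse."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            src, dst = ipaddress.ip_address(parts[1]), ipaddress.ip_address(parts[2])
            yield src, dst, int(parts[3]), parts[4].upper()
        except ValueError:
            continue

def analyze(text, threshold=FANOUT_THRESHOLD):
    """Return internal hosts reached from outside on 5555, and internal fan-out sources."""
    exposed, peers = set(), defaultdict(set)
    for src, dst, dport, action in parse_flows(text):
        if dport != ADB_TCP_PORT:
            continue
        if action == "ALLOW" and is_internal(dst) and not is_internal(src):
            exposed.add(str(dst))       # an outside address was allowed to reach the port
        if is_internal(src):
            peers[str(src)].add(dst)    # count denied attempts too: they are still probes
    scanners = sorted(s for s, d in peers.items() if len(d) >= threshold)
    return {"exposed": sorted(exposed), "scanners": scanners}

if __name__ == "__main__":
    print(analyze(SAMPLE_FLOWS))
```

A host that appears in both lists, as 10.0.0.21 does in the sample, matches the sequence the advisory describes: reached from outside on port 5555, then contacting other hosts on the same port.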