(In)Secure Android Debugging: Security analysis and lessons learned. Issue 82 (May 2019)
- Record Type:
- Journal Article
- Title:
- (In)Secure Android Debugging: Security analysis and lessons learned. Issue 82 (May 2019)
- Main Title:
- (In)Secure Android Debugging: Security analysis and lessons learned
- Authors:
- Opasiak, Krzysztof
Mazurczyk, Wojciech
- Abstract:
- Universal Serial Bus (USB) is currently one of the most popular standards that controls communication between personal computers (PCs) and their peripheral devices. Thus, it is important to establish whether such connections are properly secured especially when USB is used to connect devices like smartphones, tablets, etc. where sensitive user data can be potentially stored. For this reason, this paper evaluates security of the recent Android versions with respect to the USB-related attacks. In particular, we present a novel approach to compromise Android-based devices by exploiting Android Debug Bridge (ADB) protocol using Man in the Middle (MitM) attacks. Comprehensive analysis of those types of attacks has revealed five novel security vulnerabilities in the Android OS. Security gaps found in this paper can not only be used to bypass the lock screen security and to gain unauthorized access to the user's private data but also to enable future ADB attacks by incorporating a backdoor to bypass phone security at any time. We also developed a tool which exploits all discovered vulnerabilities and can serve as a security means to assess current ADB implementations as well as future protocol improvements. By disclosing new security weaknesses we want to raise security awareness of the users, researchers, security professionals, and developers related to the USB-related attacks and to the threat they pose not only to PCs but also to the USB devices.
- Is Part Of:
- Computers & security. Issue 82(2019)
- Journal:
- Computers & security
- Issue:
- Issue 82(2019)
- Issue Display:
- Volume 82, Issue 82 (2019)
- Year:
- 2019
- Volume:
- 82
- Issue:
- 82
- Issue Sort Value:
- 2019-0082-0082-0000
- Page Start:
- 80
- Page End:
- 98
- Publication Date:
- 2019-05
- Subjects:
- Mobile security -- Android -- USB -- ADB -- MITM
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805
- Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.cose.2018.12.010
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 9510.xml