Security Enhanced Authentication Framework for Securing ADB Access in AOSP
Abstract:
Android as an Operating System (OS) on the Linux platform is designed initially for mobile and tablet devices. The operating system has evolved over time and expanded its device portfolio to include various other devices including smart TV, video conferencing devices, cars, entertainment systems, etc.
Debugging is an important aspect of any software development. Debugging software tracks software information including memory allocation, software state, interface calls, processes, etc. Android Platform provides Android Debug Bridge (ADB) which comes along with Software Development Kit (SDK) that helps the developers with the software development cycle during the product or application development.
Android Platform provides an opportunity for the end users to switch to development mode in the device by enabling the developer option. End-users can then use the device to build and test their applications. ADB is a client-server tool that helps to connect to the device/emulator over Universal Serial Bus (USB) or Transmission Control Protocol (TCP). The ADB command enables a range of system behavior, such as downloading and debugging applications, and it gives access to a Unix shell that can be used to execute a range of device commands.
ADB very effectively allows application developers to obtain maximum privileges on Android smart devices, which draws the attention of attackers. A lot of attacks (Droid dream, windows malware, juice filming attack, etc.) are executed using the ADB feature. Malware (Crypto mining malware) is transmitted across devices through open ADB Malware. An affected Android-powered device shall stand as an access point for hackers to launch an attack on other devices connected to the same network.
The problem causes the Original Equipment Manufacturers (OEMs) designing such devices to disable the feature in production devices, which challenges the device’s needed access postproduction, during the warranty period. Thus, ADB is a pivotal area to focus on, and this research paper aims at throwing light on an approach that can be pursued which would result in enhanced ADB security.
Keywords: ADB security, Encryption, Vulnerabilities
AUTHORS
Sridhar Govardhan
Senior Vice President and Head of Information Security, CoinDCX
Shinu Abhi
Professor and Director - Corporate Training