Security Enhanced Authentication Framework for Securing ADB Access in AOSP

Abstract

Android as an Operating System (OS) on the Linux platform is designed initially for mobile and tablet devices. The operating system has evolved over time and expanded its device portfolio to include various other devices including smart TV, video conferencing devices, cars, entertainment systems, etc.

Debugging is an important aspect of any software development. Debugging software tracks software information including memory allocation, software state, interface calls, processes, etc. Android Platform provides Android Debug Bridge (ADB) which comes along with Software Development Kit (SDK) that helps the developers with the software development cycle during the product or application development.

Android Platform provides an opportunity for the end users to switch to development mode in the device by enabling the developer option. End-users can then use the device to build and test their applications. ADB is a client-server tool that helps to connect to the device/emulator over Universal Serial Bus (USB) or Transmission Control Protocol (TCP). The ADB command enables a range of system behavior, such as downloading and debugging applications, and it gives access to a Unix shell that can be used to execute a range of device commands.

ADB very effectively allows application developers to obtain maximum privileges on Android smart devices, which draws the attention of attackers. A lot of attacks (Droid dream, windows malware, juice filming attack, etc.) are executed using the ADB feature. Malware (Crypto mining malware) is transmitted across devices through open ADB Malware. An affected Android-powered device shall stand as an access point for hackers to launch an attack on other devices connected to the same network.

The problem causes the Original Equipment Manufacturers (OEMs) designing such devices to disable the feature in production devices, which challenges the device’s needed access postproduction, during the warranty period. Thus, ADB is a pivotal area to focus on, and this research paper aims at throwing light on an approach that can be pursued which would result in enhanced ADB security.

Keywords: ADB security, Encryption, Vulnerabilities

AUTHORS

Sathya Subbiah


Product Security Architect at Signify Innovations India Limited

Sridhar Govardhan

Senior Vice President and Head of Information Security, CoinDCX


An expert in information security focused on application vulnerabilities, who spearheads organizational initiatives for building self-defensible enterprise network. With his hands-on knowledge in cybersecurity frameworks and regulations, he is extending support to several global brands in optimizing their business processes.

Shinu Abhi

Professor and Director - Corporate Training


She leads the corporate training programs in emerging technologies for working professionals and organizations. RACE runs top ranked programs in Analytics, Cybersecurity, Artificial Intelligence both regulated and customized programs for working professionals and organizations. Dr. Shinu Abhi is a Fulbright fellow at Lehigh University, Pennsylvania. She is a certified Entrepreneurship Educator with Honours, by National Entrepreneurship Network, IIM Bangalore, Stanford University (STVP) and ISB Hyderabad and have trained aspiring entrepreneurs and start-ups and was instrumental in setting up incubation centers at two institutions. She has two decades plus of experience in industry and Academia of repute. She has a PhD and MPhil in Strategy and Entrepreneurship, MBA in Marketing and PG in Instructional Design (PGDID).

Leave a Reply

Your email address will not be published. Required fields are marked *