Android based IoT devices with open ADB port inviting easy attacks by Crypto-miners

The rapid growth in connected smart home devices has opened the gates for a new era of cyber-attacks on IoT devices, including smartphones, TVs, IP cameras, etc. These attacks mostly take the form of crypto-mining attacks, wherein a cryptocurrency-mining botnet enters the targeted device via an open ADB port and spreads to other connected systems that have previously had an SSH (Secure Shell, a cryptographic network protocol) connection with the host device.

IoT being a relatively new technology, people are still not very conscious of the security measures related to it. This is one major reason that people often handle their IoT devices carelessly, leaving the ADB port open for attackers to use them as bots to attack other connected devices for mining.

The recent case of a Surat couple’s webclip being leaked via unauthorized access to their smart TV (Source: https://bit.ly/2OvXkg9) shows the weak security measures people take while using IoT devices.

So, what exactly makes these IoT devices vulnerable?

IoT devices like smart TVs, phones, cameras, etc. are basically powered by processors that run either the Android or a Unix operating system. These devices use the ADB (Android Debug Bridge) port, which is part of the Android SDK, to manage communication between devices.

IoT devices with a certified version of Android come with the ADB port disabled by default. However, several smart TV manufacturers sell TVs with an uncertified version of Android that has the ADB port open. In addition, users often enable debugging manually to sideload apps like Netflix and Hotstar on their smart TVs. This again leaves the ADB port open and vulnerable, allowing attackers to install malicious apps, drop malware such as miners, and extract any data from the device.

Since the ADB port does not require any authentication to target a device, it becomes easy for cyber criminals to exploit the port and make changes to the attacked device. Using this port, an attacker can take complete control of the device, including its app installation, webcam, etc. Once installed, the botnet spreads to other connected devices, making them susceptible to attack.

Quick Heal Security Labs have observed increased attacks on ports 5555 (ADB), 23 (telnet) and 22 (SSH), which again shows the increased vulnerability of all these devices.
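One way to watch for this on a home gateway, as an added example that is not Quick Heal's code: it reads firewall log lines and reports which home devices are being probed from the Internet on ports 5555, 23 and 22, and which home devices are themselves contacting many hosts on those ports, the spreading behaviour described above. The iptables LOG-style line format, the `192.168.1.0/24` subnet, the sample lines, the threshold and the names `parse` and `analyse` are all assumptions made for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Ports the article names: 5555 (ADB), 23 (telnet), 22 (SSH).
WATCHED = {5555: "adb", 23: "telnet", 22: "ssh"}
LAN = ipaddress.ip_network("192.168.1.0/24")  # assumption: your home subnet
FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

# Constructed sample log in the iptables LOG key=value style (not real traffic).
SAMPLE_LOG = """\
gw kernel: FWD IN=wan0 OUT=lan0 SRC=203.0.113.5 DST=192.168.1.20 PROTO=TCP SPT=44321 DPT=5555 SYN URGP=0
gw kernel: FWD IN=wan0 OUT=lan0 SRC=198.51.100.7 DST=192.168.1.20 PROTO=TCP SPT=51000 DPT=5555 SYN URGP=0
gw kernel: FWD IN=wan0 OUT=lan0 SRC=203.0.113.5 DST=192.168.1.30 PROTO=TCP SPT=44390 DPT=23 SYN URGP=0
gw kernel: FWD IN=lan0 OUT=wan0 SRC=192.168.1.20 DST=198.51.100.11 PROTO=TCP SPT=40001 DPT=5555 SYN URGP=0
gw kernel: FWD IN=lan0 OUT=wan0 SRC=192.168.1.20 DST=198.51.100.12 PROTO=TCP SPT=40002 DPT=5555 SYN URGP=0
gw kernel: FWD IN=lan0 OUT=wan0 SRC=192.168.1.20 DST=198.51.100.13 PROTO=TCP SPT=40003 DPT=5555 SYN URGP=0
gw kernel: FWD IN=lan0 OUT=lan0 SRC=192.168.1.20 DST=192.168.1.30 PROTO=TCP SPT=40004 DPT=22 SYN URGP=0
gw kernel: FWD IN=lan0 OUT=wan0 SRC=192.168.1.40 DST=198.51.100.50 PROTO=TCP SPT=40100 DPT=443 SYN URGP=0
gw kernel: FWD IN=wan0 OUT=lan0 SRC=203.0.113.9 DST=192.168.1.20 PROTO=UDP SPT=5353 DPT=5555
"""

def parse(line):
    """Return (src, dst, dport) for a TCP connection attempt, else None."""
    f = dict(FIELD.findall(line))
    flags = line.split()
    if f.get("PROTO") != "TCP" or "SYN" not in flags or "ACK" in flags:
        return None
    try:
        return ipaddress.ip_address(f["SRC"]), ipaddress.ip_address(f["DST"]), int(f["DPT"])
    except (KeyError, ValueError):
        return None  # truncated or malformed line

def analyse(log_text, spread_threshold=3):
    """Flag LAN devices probed from outside, and LAN devices fanning out."""
    inbound, outbound = defaultdict(set), defaultdict(set)
    for rec in filter(None, map(parse, log_text.splitlines())):
        src, dst, dport = rec
        if dport not in WATCHED:
            continue
        if src not in LAN and dst in LAN:      # Internet -> home device
            inbound[(str(dst), WATCHED[dport])].add(str(src))
        elif src in LAN:                        # home device -> anywhere
            outbound[(str(src), WATCHED[dport])].add(str(dst))
    probed = {k: sorted(v) for k, v in inbound.items()}
    # Many distinct targets on one watched port suggests the device is scanning.
    fanout = {k: len(v) for k, v in outbound.items() if len(v) >= spread_threshold}
    return probed, fanout
```

A device that shows up in both results, such as `192.168.1.20` in the sample, is the first one to take offline and check for an enabled debugging setting.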

Recent reports of botnet attacks describe two cryptomining botnets, Trinity and Fbot, fighting to take control of tens of thousands of unsecured Android devices via ADB port 5555. Read here to know more about this botnet attack.

While these cryptomining botnets will remain and continue to evolve with time, it is clear that Android-based IoT device owners need to keep their eyes open for this malware trend and take the necessary measures to secure their devices when they are exposed to the internet.

Installing Quick Heal Home Network Security (QHHS), a secure Wi-Fi router, could be one such important measure towards ensuring the security of your connected smart home devices. This smart router is programmed to protect your home Wi-Fi network, by adding an extra layer of security between your smart devices and threats on the Internet.

It’s always better to play safe earlier than pay hard later!

Sushmita Kalashikar
