Malicious Toolkit Thwarted by adbdSecure
First off, it bears noting that XDA in no way supports the use of anything that can be considered malicious. Some would say that certain tools can be used for good, such as packet-sniffing your home network. But the reality is that as a hacking site, the inevitable will happen. What one might have intended for good, can (and most often is) used for evil.
A malicious toolkit by Kos recently appeared in the wild called P2P ADB, which provides tools for attacking a device if ADB Debugging is left enabled on the other device. Here is a breakdown of what this toolkit enables by taking advantage of USB Debug Mode, Root, and some crafty hacks:
- the bypassing of lock screens,
- making system changes and even “backing up” Android profiles, all from one phone to another
- perform an Auth token cloning attack, enabling an attacker to gain access to a victims Google account, change the password, or even setup a one-time-password for themselves if two-factor-authentication is enabled
XDA Elite Recognized Developer Stericson immediately recognized the danger and created adbdSecure. His application helps to guard your device from malicious attacks that seek to use adbd, but only does so when you have enabled a password, PIN, or pattern lock for your lock screen. adbdSecure will turn adbd on when the phone is unlocked and will turn it back off when the screen goes off, thus preventing any sort of intrusion on your device. Add Tasker into the equation, and you have a pretty versatile application for all sorts of protection.
And in the true nature of XDA, Stericson has open-sourced the application so that you can take what he has done and improve it, as well as contribute more to the community. You can find the source on GitHub, and download the application for your device on Google Play. And once again, the only way to protect your device from this attack is to take the initiative and add lock screen protection.