Ares Attacks: Android Streaming Boxes Targeted by a New Botnet’s Malware
According to recent reports, a part of Android’s core software is once again being targeted by bad actors. This time, the software in question is ADB (Android Debug Bridge).
According to a report published by researchers at the cybersecurity firm WootCloud, the software is being targeted by a new botnet known as Ares. ADB is typically only useful for debugging purposes. As such, it is often used by developers and IT experts for managing, troubleshooting, and modifying Android devices.
Once that work is completed, the software is supposed to be deactivated, as it is usually not useful to regular end-users. However, it appears that some set-top boxes (STBs), streaming boxes that use the Android system, have been left with ADB active. The same is true for some TVs that use a basic version of Android.
Now, it should be noted that this is not the same system that is used on Android smartphones, watches, and the like. The particular system being targeted is specifically named ‘Android OS,’ while the one used by Android smartwatches is Wear OS.
The problem with devices being shipped with ADB active is that the system appears to be misconfigured. As such, it is vulnerable to attacks such as the ones used by the Ares botnet. The botnet seems to use bot malware to infect the devices and scan for other vulnerable devices at the same time.
Even if only one device is infected, the entire network is considered compromised if that device is part of a larger network. It is easy to understand why the attackers might be interested in gaining access to active ADB interfaces. After all, ADB is used for controlling and modifying the devices on which it is installed. This also includes the installation of new software.
Researchers have also found that the attackers
can use port 5555 for bringing up a remote command shell. With streaming boxes
running Android OS being pretty much everywhere, there is no lack of potential
However, it is also important to note that not all Android OS-based streaming boxes are vulnerable to such attacks, only those that still have ADB active after leaving the manufacturer. Even so, this includes at least three different brands: QezyMedia, HiSilicon, and Cubetek.
It is also worth mentioning that some of the
ADB interfaces are password-protected, although this does not make them safer
than those that are fully open. Hackers seem to have expected this type of
protection, which is why they armed Ares with a password-hacking component.
Researchers believe that any device with enabled ADB is vulnerable, whether it
has a password set up or not.
Of course, the passwords in question are still the ones that the manufacturer sets by default, and manually replacing them with a new, strong password could be helpful. Hackers are known for using brute-force attacks to try to break into devices, and if they can’t guess the password, they won’t be able to get in.
However, with the boxes being another product
in the IoT devices sector, it is unlikely that their users are aware of the
danger of leaving the default password on their devices. This has been a
problem of the IoT sector ever since it came to be. Most IoT device users do
not consider the possible implications of leaving the passwords unchanged.
This lack of awareness or concern is what makes IoT devices so vulnerable, and why hackers often infect them when they are trying to build a new botnet.
WootCloud’s report names the three manufacturers mentioned earlier (QezyMedia, HiSilicon, and Cubetek) and advises anyone who may have purchased their products to try manually disabling the ADB interface. However, since this is not always possible (or easy), the company also advises trying to block port 5555 via the internet
This method also requires a bit of technical
knowledge, as the router needs to be configured. This option is also not the
best approach as ADB is not the only software that depends on this port for
communicating with its environment. The best course of action for the users
would be not to use their devices until the companies publish an update that
will fix the issue.
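Where the boxes have to stay online, router or firewall connection logs can reveal both conditions the article describes: ADB on port 5555 reachable from outside the network, and an internal device opening port 5555 connections to many other hosts. The following Python sketch is an added example, not code from WootCloud's report or the original article; the log format, the `LAN` range, the addresses, and the fan-out threshold are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

ADB_PORT = 5555                               # TCP port named in the article
LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed internal address range
FANOUT_THRESHOLD = 5                          # assumed: distinct targets that count as scanning

# Constructed sample records: "timestamp src_ip dst_ip dst_port action"
SAMPLE_LOG = [
    "2024-01-01T10:00:01 203.0.113.7 192.168.1.50 5555 ALLOW",   # outside -> streaming box
    "2024-01-01T10:00:02 203.0.113.7 192.168.1.51 5555 DROP",    # blocked at the router
    "2024-01-01T10:00:09 192.168.1.20 192.168.1.50 5555 ALLOW",  # single LAN connection
    "2024-01-01T10:00:30 192.168.1.50 192.0.2.10 443 ALLOW",     # unrelated traffic
] + [f"2024-01-01T10:01:{i:02d} 192.168.1.50 198.51.100.{i} 5555 ALLOW"
     for i in range(1, 9)]                                       # box contacting 8 hosts

def audit(lines, threshold=FANOUT_THRESHOLD):
    """Return (exposed, scanners) for allowed connections to the ADB port."""
    exposed = set()             # internal hosts reached on 5555 from outside the LAN
    fanout = defaultdict(set)   # internal source -> distinct 5555 destinations
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue            # skip malformed records
        _, src, dst, port, action = parts
        if port != str(ADB_PORT) or action != "ALLOW":
            continue
        try:
            s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue            # skip records with unparseable addresses
        if s not in LAN and d in LAN:
            exposed.add(dst)    # ADB is reachable from outside: block or disable it
        elif s in LAN:
            fanout[src].add(dst)
    scanners = {h: len(t) for h, t in fanout.items() if len(t) >= threshold}
    return exposed, scanners

if __name__ == "__main__":
    exposed, scanners = audit(SAMPLE_LOG)
    print("ADB reachable from outside:", sorted(exposed))
    print("Internal hosts fanning out on 5555:", scanners)
```

A host that appears in both results was reachable on ADB from outside and is now contacting many other hosts on the same port, which is the pattern to isolate and investigate first.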