A new botnet is abusing Android Debug Bridge (ADB) and SSH to capture & collect new Android devices to its network, according to Trend Micro. Experts with Juniper Networks and OneSpan offer observations on mobile device vulnerability and what organizations and users can and can’t to improve device security.
— Datex | DataStealth (@DatexInc) June 23, 2019
Mounir Hahad, Head at Juniper Threat Labs at Juniper Networks:
“Juniper Threat Labs has repeatedly warned users about this very attack vector, including in a blog post one year ago that calls out some of the vendors that ship Android Debug Bridge enabled. The number of publicly vulnerable devices has declined from about 40,000 devices one year ago to about 30,000 devices today. Most of the remaining vulnerable devices are located in Korea, Taiwan, Hong Kong and China. It should be noted that some of the vulnerable devices are set top boxes used for IPTV, not mobile phones. It is our speculation that most of the phones are, or become, vulnerable, due to enabling the Android Debug Bridge during device rooting, a process which allows a locked down device to move freely between service providers.”
Sam Bakken, Senior Product Marketing Manager at OneSpan:
“It can really be hard for the general Android user to keep their device secure. They are beholden to their carriers or device manufacturers in most cases. Even if they wanted to harden their device with security updates or more secure configurations they simply can’t. The general layperson is becoming more aware of security and privacy issues as it relates to the mobile devices and apps they use. Security is becoming a more important criterion in consumer decisions about which devices and apps they will and will not use. Savvy organizations are responding, building security into their mobile apps with technologies such as app shielding and other in-app protections. This not only protects a developer’s intellectual property/app, but also provides at least one safe haven for their users so they can rest easy knowing at least their usage of that one app is secure and protected.”