Android phone hacking via USB over TCP/IP

Android phone hacking via USB over TCP/IP

Android phone hacking via USB over TCP/IP – A scenario we came across on a recent pentest.

  • On an already compromised machine, a smartphone was identified to be connected via USB.
  • The attacker installs a software on the compromised machine that enables sharing of its USB ports across the network via TCP/IP-giving it its own TCP port.
  • The attacker then uses a client software to connect his attacking machine to the remote USB port.
  • The attacker launches ADB (Android Debug Bridge) and uploads an exploit file.
  • The exploit is launched and the attacker gains full control of the victim’s phone.

Root Exploit:    https://github.com/revolutionary/zergRush/
USB Emulator: http://www.usb-over-network.com/usb-over-network-download.html

 

Comments