Android phone hacking via USB over TCP/IP – A scenario we came across on a recent pentest.
- On an already compromised machine, a smartphone was identified to be connected via USB.
- The attacker installs a software on the compromised machine that enables sharing of its USB ports across the network via TCP/IP-giving it its own TCP port.
- The attacker then uses a client software to connect his attacking machine to the remote USB port.
- The attacker launches ADB (Android Debug Bridge) and uploads an exploit file.
- The exploit is launched and the attacker gains full control of the victim’s phone.
Root Exploit: https://github.com/revolutionary/zergRush/
USB Emulator: http://www.usb-over-network.com/usb-over-network-download.html