|
|
|
|
|
|
by pimterry
1134 days ago
|
|
|
Whilst publicly exposing ports from a phone is still certainly scary, for ADB specifically it's actually not as bad as it sounds - wifi debugging requires an explicit & bi-directionally initiated pairing process beforehand (sharing a 6 digit code or scanning a QR code to do so) and then also separately trusting the public key of the connecting computer at the moment when it connects. To allow untrusted access, you'd have to have the ADB port accessible to the attacker, and then intentionally open developer options and tap "pair for wifi debugging", and then enter/scan a malicious pairing code, and then accept the unrecognized public key when the device connected. And if that does happen, there's a persistent notification that a debugger is connected. |
|
|