Security enhancement of secure USB debugging in Android system

摘要

The security of Android Debug Bridge (ADB) has attracted much attention from researchers, because it has a high privilege level and a low level of protection. Many attacks on Android systems have taken advantage of the security holes of ADB. Thus, in the updating patch of Android 4.2.2, a security feature secure USB debugging was implemented so that only trusted hosts can use ADB. Our research analyzes its protection effects on ADB based attacks and found that the new feature cannot provide sufficient protection when the host used to connect with Android devices has been compromised. A demonstration attack following this method is given along with an improvement design of the security mechanism of USB Debugging Mode. An implementation of this design and its evaluation are also provided to demonstrate its effectiveness.