Security Enhancement of Android USB Debugging Mode

Till today, there are more than 1 billion smartphone users worldwide. With smartphones become more popular, more security instances have been reported. Therefore, it is important to study the security issues of smartphones and develop effective approaches to safeguard them. This research is focused on Android based systems, in particular, the security of Android Debug Bridge (ADB). As an important feature to facilitate Android development and debugging, ADB has a high privilege level and a low level of protection. Many attacks on Android systems have taken advantage of the security holes of ADB. Thus, in the updating patch of Android 4.2.2, a new security feature secure USB debugging was implemented so that only trusted hosts can use ADB. Our research analyzes its protection effects on ADB based attacks and found that the new feature cannot provide sufficient protection when the host used to connect with Android devices has been compromised. We then implement an attack following this method and propose a cost-effective security mechanism to harden the USB Debugging Mode. An implementation of this design and its evaluation are also provided to demonstrate its effectiveness.