Issue #1227

ADB USB Debugging bypass

Added by Pep tide over 6 years ago. Updated almost 2 years ago.

Status: Closed
Priority: Normal
Category: Security
Target version:
Start date: 03/18/2015
Due date:
% Done: 0%
Estimated time:
Resolution: wontfix
Device: Not device specific
Grant:
Type of work:

Description

From the lock screen navigate to the Emergency Dialer or Camera app.
adb kill-server; adb shell will prompt you with a confirmation dialog for ADB access.

Occurs even with FDE.


#2

Updated by Paul Kocialkowski over 6 years ago

Please propose a patch for fixing this in the current Replicant 4.2 code. If this was not fixed upstream (in either AOSP 4.2 or CyanogenMod 10.1), this is just an inherited problem and if no one is willing to backport a fix, it will stay as-is, just like the webview vulnerability.

#3

Updated by Wolfgang Wiedmeyer almost 6 years ago

This was fixed in AOSP 4.4.3, but I could not find a CVE for this issue. The patch was very well hidden, but I eventually found it:
https://android.googlesource.com/platform/frameworks/base/+/1f52437%5E!/
Patch works and I cannot reproduce the bug with the patch applied.

#4

Updated by Denis 'GNUtoo' Carikli over 5 years ago

  • Device Not device specific added

#5

Updated by Jeremy Rand almost 4 years ago

Wolfgang Wiedmeyer wrote:

This was fixed in AOSP 4.4.3, but I could not find a CVE for this issue. The patch was very well hidden, but I eventually found it:
https://android.googlesource.com/platform/frameworks/base/+/1f52437%5E!/
Patch works and I cannot reproduce the bug with the patch applied.

I can't reproduce this bug on Replicant 6.0 0001, which makes sense if upstream AOSP fixed it in 4.4.3. (I didn't try to reproduce it on Replicant 4.2.)

#6

Updated by Kurtis Hanna almost 2 years ago

  • Status changed from New to Closed
  • Resolution set to wontfix

This issue has been closed because Replicant 4.2 is no longer supported or maintained.
