1

Are there any significant security concerns with having a phone with debug mode enabled 24/7? As I understand it the debug mode only really becomes active once the phone is connected via USB cable to a computer with the adb driver which would basically limit the security concerns to malicious programs being installed on a computer and waiting for a phone to connect?

Or are there any other security issues involved that enables apps on the phone themselves to do anything, Bluetooth or WiFi exploits or something similar?

inquam
  • 111
  • 3
  • What is USB debugging? Can I keep it ON forever? covers pretty similar ground. – eldarerathis Feb 05 '13 at 14:41
  • @eldarerathis: To some extent, yes. But there is no real mention of any of the possible security aspects I'm curious about. – inquam Feb 05 '13 at 14:47
  • 1
    @inquam from that linked post: "CON: If your device is lost or stolen, an unscrupulous individual could attempt to steal data from the device regardless of whether or not you've got a screen lock. If you're rooted, they can get pretty much everything." pretty much sums up the main security problem with leaving it on – GAThrawn Feb 05 '13 at 15:27
  • Exactly. Forensics expert Andrew Hoog mentions checking for enabled Debug mode as one of the main things on a forensic analysts todo list. For data extraction, of course -- and may it be via rooting the device to get access to those data. – Izzy Feb 05 '13 at 16:59
  • All valid points. But the issues with the phone itself getting in the wrong hands etc are all known to me. What I'm wondering about is if there are any other ways to remotely attack a phone in debug mode using WiFi, Bluetooth, NFC or something like that.

    As I said, we assume that the owner of the phone has possession of it all the time and that we ignore the issue with malicious software being installed on the client PC and infects the phone when connected via USB to that computer.

     – inquam Feb 05 '13 at 19:20

0 Answers0