Amazon Fire Phone No Secure USB Debugging

  • Published: 25 Jun 2015

Type

  • Amazon Fire Phone - No Secure USB Debugging

Severity

  • Low

Affected products

  • Amazon Fire Phone

CVE Reference

  • N/A

Timeline

  • 19/01/2015: Reported to Amazon
  • 04/02/2015: Amazon confirms reception and validity
  • 09/03/2015: MWR requests status and progress
  • 13/03/2015: Amazon notifies MWR that implementation of fixes has commenced
  • 27/03/2015: Amazon notifies MWR that testing of fixes has commenced
  • 10/04/2015: Amazon notifies MWR that testing is almost complete
  • 01/05/2015: FireOS 4.6.1 released
  • 03/05/2015: Amazon and MWR coordinate public release of advisory
  • 25/06/2015: Advisory published

A vulnerability was discovered in the USB Debugging functionality of the Amazon Fire Phone. The modified Android 4.2.2 operating system running on the Fire Phone was found not to enforce Secure USB Debugging.

Description

Android Debug Bridge (adb) is a command-line tool that allows users to perform actions that assist during development or debugging. It gives access to various functionality and data on a device, including the installation of applications and the extraction of information. Secure USB Debugging was added in Android 4.2.2 and is present in later versions, to ensure that only a limited number of hosts are able to connect through adb. Adding a host to the device’s whitelist requires the device to be unlocked and the user to accept the connection via a prompt. However, it was found that the Amazon Fire Phone, which runs a modified Android 4.2.2 operating system (OS), did not enforce Secure USB Debugging. The vulnerability detailed is only exploitable if USB debugging is enabled on the device.

Impact

The lack of Secure USB Debugging enforcement allows attackers to gain adb access to the device, which would allow them to:

  1. Install/uninstall applications
  2. Bypass the lock screen
  3. Access a high privilege shell on the device
  4. Steal data from applications and settings on the device

Cause

The device never prompts users to accept new hosts, and it is possible to connect via adb even when the device is locked.

Interim Workaround

Ensure that USB Debugging is disabled on the device.

Solution

Users should update to the latest version of Fire OS, as the issue has been addressed in Fire OS 4.6.1.
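One way to confirm on a test device that Secure USB Debugging is enforced, for example after updating to Fire OS 4.6.1, is to read the state that `adb devices` reports from a host the device has never approved. The following is an added example, not code from MWR or Amazon; it assumes USB debugging is enabled on the test device, that the host's adb key has never been accepted on it, and that the output has the stock `adb devices` layout. The serial numbers in the sample are constructed.

```python
"""Classify `adb devices` output seen from a host the device never approved."""

# Constructed sample output; the serial numbers are made up.
SAMPLE = """\
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
List of devices attached
FIREPHONE0001\tdevice
FIREPHONE0002\tunauthorized
FIREPHONE0003\toffline

"""

# Assumption: the host running adb is NOT on the device's whitelist.
VERDICTS = {
    "device": "NOT ENFORCED: session opened without host approval",
    "unauthorized": "enforced: device is waiting for the user to accept this host",
}


def parse_adb_devices(output):
    """Return {serial: state} from the text printed by `adb devices`."""
    devices = {}
    for line in output.splitlines():
        line = line.strip()
        # Skip blank lines, the header and adb daemon status lines.
        if not line or line.startswith("List of devices") or line.startswith("*"):
            continue
        fields = line.split()  # also tolerates the extra columns of `-l`
        if len(fields) >= 2:
            devices[fields[0]] = fields[1]
    return devices


def audit(output):
    """Map each serial to a verdict; any other state is inconclusive."""
    return {
        serial: VERDICTS.get(
            state, "inconclusive: state '%s', reconnect and retry" % state
        )
        for serial, state in parse_adb_devices(output).items()
    }


if __name__ == "__main__":
    for serial, verdict in audit(SAMPLE).items():
        print(serial, "->", verdict)
```

A `device` state is only meaningful here when the host key is fresh; a host that the user has already accepted will legitimately show `device` on a fixed build.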