Android 4.2.2 update brings useful USB ADB protection

If you own a Google Nexus device you might want to check > System Updates for the Android 4.2.2 update (JDQ39). I’ve checked the Galaxy Nexus and Nexus 7 devices running Android 4.2.1 here in the UK and we received the updates OTA for the Galaxy Nexus but not via Wi-Fi on the Nexus 7. See bootnote.

Having completed a thorough review of Android 4.2.2, there appears to be only one security improvement, which protects the ADB (Android Debugger) functionality. This update introduces a USB debug whitelist baked into the Android operating system, which prevents ADB from being used to steal your device data. It works like this: when you connect your PC to your Android device via USB, you will see a prompt asking you to allow USB debugging from your PC, and Android collects your PC’s RSA key to identify your PC to your Android device.
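An added example (not from the original post or from Android's own code) of auditing such a whitelist on a device you manage. It assumes each approved host is stored as one line holding a base64 key blob followed by a free-text label, and that the fingerprint shown in the authorization prompt is the MD5 of the decoded blob; the key blobs, labels and function names below are constructed for illustration.

```python
import base64
import hashlib

def fingerprint(key_line):
    """Colon-separated MD5 of the decoded key blob (first field of the line)."""
    blob = base64.b64decode(key_line.split()[0], validate=True)
    digest = hashlib.md5(blob).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def audit_whitelist(text, approved):
    """Return [(fingerprint, label, is_approved)] for each distinct key entry."""
    results, seen = [], set()
    for line in text.splitlines():
        fields = line.split(None, 1)
        if not fields:
            continue  # blank line
        # The label is free text supplied by the host; only the key is evidence.
        label = fields[1].strip() if len(fields) > 1 else "(no label)"
        try:
            fp = fingerprint(line)
        except ValueError:  # binascii.Error is a ValueError: malformed base64
            results.append(("INVALID", label, False))
            continue
        if fp in seen:
            continue  # same key listed twice
        seen.add(fp)
        results.append((fp, label, fp in approved))
    return results

# Constructed sample data: placeholder blobs, not real RSA keys.
KEY_A = base64.b64encode(b"constructed key blob: dev workstation").decode()
KEY_B = base64.b64encode(b"constructed key blob: unknown laptop").decode()
SAMPLE_ADB_KEYS = (
    f"{KEY_A} dev@workstation\n"
    f"{KEY_B} unknown@laptop\n"
    f"{KEY_A} dev@workstation\n"      # duplicate entry
    "not*base64 broken@entry\n"       # malformed entry
)
# Fingerprints of the hosts you expect to be trusted (assumed inventory).
APPROVED = {fingerprint(KEY_A)}

if __name__ == "__main__":
    for fp, label, ok in audit_whitelist(SAMPLE_ADB_KEYS, APPROVED):
        print(f"{'ok      ' if ok else 'REVIEW  '}{fp}  {label}")
```

Any entry marked REVIEW is a host that was granted USB debugging but is not in your inventory; compare by fingerprint, since the label can be anything the host chose.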

Did you know? Only 1.4% of all Android devices are running Android 4.2. One reason for this might be that not every Nexus device can actually support 4.2.2. 🙁

If you lose your Android device running 4.2.2, and assuming you use a screen lock (e.g. password, PIN, gesture, face recognition), this will stop someone from using ADB to access your device data and copy it onto a hard drive. Remember, this ADB security update only disables access to ADB debugging if you enable the screen lock. It will also fail to work if your device is rooted or has an unlocked bootloader. The bootloader needs to be locked for the whitelist to be effective; otherwise someone else could access the bootloader to disable the protection.

TIP: Never leave USB debugging enabled, folks, regardless of whether you are a developer or not!

An interesting question: do thieves really want your data, or do they just want to wipe your device and then resell it? The answer will differ depending on whether you are an individual or a business. For a business there could be obvious commercial implications, e.g. emails, spreadsheets, Word documents etc. Solutions? BlackBerry Balance springs to mind here, which allows an administrator to remotely wipe the business data. Partitioned, encrypted, password-protected volumes are another: one for individual use and the other for business. Again, BlackBerry BB10 provides this FIPS 140-2 certified security functionality.

Safe surfing folks!

Bootnote: I’d avoid doing a manual install of 4.2.2 for now, as we’ve not seen URLs that point to builds associated with the Galaxy Nexus or Nexus 7. If you do want to do a manual install of Android at any time, why not check out my Nexus 7 post.
