As per this article some Android devices are being shipped from factory with the Android Debug Bridge(ADB) enabled.
For the ones not aware of what is ADB, try to think of it as the shell for Android devices, that lets anyone execute commands and install whatsoever they want, thus allowing them to take full control of the device without the need to authenticate.
ADB was supposed to only work when connected to a computer via usb port, but as the security researcher Kevin Beaumont discovered the ADB is listening on tcp port 5555, thus anyone from internet can access it and take over your Phone, Tablet, TV or any other Android enabled device.
This exploit allows an attacker to perform all kinds of stuff, like crypto currency mining, stealing credentials, ransomware, espionage on what you are doing, etc.
As an example among others we have Hide 'N Seek IoT Botnet targeting Android devices by leveraging this ADB flaw.
What are your thoughts on this ADB exploit?
It seems that the article I linked from the security researcher Kevin Beaumont is misleading in how ADB works on an Android device as pointed out in the comments.