It's certainly possible in rooted devices, aka devices that run custom android images (instead of factory defaulted images).
In typical non-rooted devices, for example, Samsung/HTC/LG/Motorola/Nexus,
"USB Debugging" is disabled by default and needs to be enabled first time connecting through a micro-USB cable.
Even "USB Debugging" is enabled, the image that's built is called 'user' build, which disables 'sudo'(superuser) access.
You can run a limited set of commands. All these are designed to protect the user, but there are potential for collecting information based on the apps that you run and possible hack if any of the apps have any vulnerability.
P.S: One small correction in your article is that it's not the flaw of the ADB. ADB is designed in such a way that you can connect to a device through micro USB or over Wifi for development purposes. To quote from the article that you shared, even the author of the article agrees with the same.
These are not problems with Android Debug Bridge itself; ADB is not designed to be deployed in this manner.
I am a Developer Advocate for Security in Mobile Apps and APIs at approov.io.
Another passion is the Elixir programming language that was designed to be concurrent, distributed and fault tolerant.
Location
Scotland
Education
Self teached Developer
Work
Developer Advocate for Mobile and API Security at approov.io
Sorry I know is not an ADB flaw, I just failed to express my self!!!
Thanks for pointing it out... I will edit the article and fix it.
Regarding ADB privileges for what I understand from Kevin Beaumont article, once you connect over tcp port 5555 you have full admin/root privileges, not a limited set of privileges.
That is not exact.
You have root rights if the user is not using a supplier (Samsung, Sony, etc...) Android OS image.
If the device is rooted then you can indeed have root privileges.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
It's certainly possible in rooted devices, aka devices that run custom android images (instead of factory defaulted images).
In typical non-rooted devices, for example, Samsung/HTC/LG/Motorola/Nexus,
You can run a limited set of commands. All these are designed to protect the user, but there are potential for collecting information based on the apps that you run and possible hack if any of the apps have any vulnerability.
P.S: One small correction in your article is that it's not the flaw of the ADB. ADB is designed in such a way that you can connect to a device through micro USB or over Wifi for development purposes. To quote from the article that you shared, even the author of the article agrees with the same.
Sorry I know is not an ADB flaw, I just failed to express my self!!!
Thanks for pointing it out... I will edit the article and fix it.
Regarding ADB privileges for what I understand from Kevin Beaumont article, once you connect over tcp port 5555 you have full admin/root privileges, not a limited set of privileges.
That is not exact.
You have root rights if the user is not using a supplier (Samsung, Sony, etc...) Android OS image.
If the device is rooted then you can indeed have root privileges.