Exfiltrate sensitive user data from apps on Android 12 and 13 using CVE-2024-0044 vulnerability


With physical access to an Android device that has ADB debugging enabled and runs Android 12 or 13 without the March 2024 security patch, it is possible to access the internal data of any user-installed app by misusing the CVE-2024-0044 vulnerability.

Figure 1. Vulnerability details

The internal data of an app contains sensitive information the app works with and is not meant to be shared with other apps. This data is stored either in XML files (shared preferences) or, mainly, in databases. If the data is not encrypted, exploiting this vulnerability makes it possible to exfiltrate it from the device and read it.

Using my unpatched Android 13, I was able to dump unencrypted SMS messages and the contact list from the Google Messages and Phone by Google apps.

Figure 2. Readable contact name and SMS body exfiltrated from Google Messages app
Figure 3. Phone number and contact name exfiltrated from Phone by Google app

From third-party apps, I extracted messages and contacts from the WhatsApp app, as demonstrated in the video below.

This vulnerability can be exploited even from a non-rooted Android smartphone with ADB tools installed, see Figure 4. If you are interested, I have created a short video tutorial on how to install ADB and fastboot in the Termux app without root.

Figure 4. Exploiting CVE-2024-0044 using Android smartphone

Details

This vulnerability was discovered and reported by Meta Red Team X. Further exploitation details and a proof of concept were summarized and shared by Tinyhack.com.

Conclusion

This vulnerability can be exploited only against unpatched devices with ADB debugging enabled, which means it wouldn't be very useful to threat actors. However, the exploit could be useful to Android forensic analysts.
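A defender-side triage check written for this post (not code from the original or from Tinyhack.com's proof of concept): it reads the standard `ro.build.version.release` and `ro.build.version.security_patch` build properties over ADB and reports whether a device falls in the window described above, Android 12 or 13 with a security patch level before March 2024. The exact cutoff date 2024-03-01 is an assumption derived from "March 2024 security patch" in the text.

```sh
#!/bin/sh
# Triage helper for the CVE-2024-0044 exposure window (added example, not from the post).
# Assumption: the fixing patch level is 2024-03-01, taken from "March 2024 security patch".
PATCH_THRESHOLD=20240301

# is_exposed RELEASE PATCH_LEVEL
# Returns 0 (exposed) when RELEASE is Android 12 or 13 and PATCH_LEVEL (YYYY-MM-DD)
# is older than the threshold; returns 1 otherwise.
# A missing or malformed patch level on an affected release is treated as exposed,
# so an odd property value never produces a false "not affected" verdict.
is_exposed() {
    release="$1"
    patch="$2"
    case "$release" in
        12|12.*|13|13.*) ;;          # Android 12, 12L and 13 all report "12"/"13"
        *) return 1 ;;               # other releases are outside the described window
    esac
    case "$patch" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 0 ;;               # unknown patch level on an affected release
    esac
    # YYYY-MM-DD with the dashes removed compares correctly as an integer.
    pnum=$(printf '%s\n' "$patch" | sed 's/-//g')
    [ "$pnum" -lt "$PATCH_THRESHOLD" ]
}

# check_device: query the connected, authorized device and print a verdict.
# Requires adb on PATH; getprop output carries a trailing CR that is stripped.
check_device() {
    rel=$(adb shell getprop ro.build.version.release | tr -d '\r')
    patch=$(adb shell getprop ro.build.version.security_patch | tr -d '\r')
    if is_exposed "$rel" "$patch"; then
        echo "Android $rel, patch level $patch: inside the CVE-2024-0044 window;"
        echo "install the March 2024 or later security update and keep ADB debugging off."
    else
        echo "Android $rel, patch level $patch: outside the described window."
    fi
}

# Run the live check only when invoked with --device, so the functions can also
# be sourced and called with values read from a forensic image or inventory.
if [ "${1:-}" = "--device" ]; then
    check_device
fi
```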

3 thoughts on “Exfiltrate sensitive user data from apps on Android 12 and 13 using CVE-2024-0044 vulnerability”

  1. Prince bhargav

    Nice sir 😀 thank you so much ☺️

  2. N

    Is there a way to turn on ADB from a locked android phone?

    1. No. It is not possible to turn on ADB from a locked phone.
