Comment

Comment on Does Shuzku / wireless debugging demand a trusted wifi device?

wyfpm@lemdro.id ⁨4⁩ ⁨days⁩ ago

I see, makes sense. Thanks.

Hm, so, even if it is true that Shizuku-pairing directly privileges only the phone itself – that the adb commands never leave the phone – it follows that a malicious wifi modem, knowing all devices’ mac addresses, could, perhaps, feign being the phone, mac-wise. And issue its own commands, which the phone wouldn’t tell aren’t its own.

Unless adb privileges are also identified by the ip address of origin. Unless, the modem could also feign those and multicast them, or something. Could it?

Oh well. This is straying quite far from Android. Thank you regardless.

source

Sort:hotnew top

FooBarrington@lemmy.world ⁨4⁩ ⁨days⁩ ago
it follows that a malicious wifi modem, knowing all devices’ mac addresses, could, perhaps, feign being the phone, mac-wise. And issue its own commands, which the phone wouldn’t tell aren’t its own.

I just tested some scenarios:

I start Shizuku in one wifi network (prompt to trust the network, then I had to enter the pairing code since I hadn’t used it before)

Then switch wifi networks

Shizuku was immediately disconnected

When I press “Start” again in Shizuku, I get prompted to trust the network

Then I switch back

Shizuku stays running

Then I disabled Wifi

Shizuku stays running

Then I disabled mobile data

Shizuku stays running

Then I stop Shizuku & press “Start” again

It asks me to enable wireless debugging, and that enables wifi

So you’re safe as long as you don’t start Shizuku & trust the network while connected to a potentially malicious network.
source