Older Fire TV devices are now more secure with newly added prompt for ADB connections

Part of the new 5.2.6.6 software update that is rolling out to all older Fire TV, Fire TV Stick, and Fire TV Edition television models that were released over a year ago is added security for Android Debug Bridge (ADB) connections. Newer Fire TV devices running Fire OS 6 prompt the user to accept ADB connections before the connection is permitted. That same behavior has now been added to Fire OS 5 devices. This will help protect Fire TV devices from things like the malware worm that was infecting Fire TVs earlier this year.

ADB is a tool used by developers to make changes to an Android device. It’s most commonly used to sideload apps onto an Android device that are not available in an appstore, but it can be used to do much more. ADB connections are disabled by default on all Fire TV devices, but it’s simple enough to allow them by turning on “ADB debugging” in the device’s developer options menu.

Newer Android devices, such as the Amazon Fire TV Cube and Fire TV 3, require the user to allow or deny ADB connections. The first time a particular device tries to establish an ADB connection to a Fire TV, the prompt you see above to allow the connection will appear on the screen. Once an ADB connection is allowed from a device, all future connections from that device will also be allowed.

This practice of allowing each connection was not yet the norm when older devices, like the Fire TV 1, Fire TV 2, and Fire TV Sticks, were released. That is why those devices have always allowed all ADB connections if the “ADB debugging” option was enabled. This could result in a problem if a malicious or infected device were to connect to the same network as a Fire TV that had ADB debugging enabled.

One example of such a problem was the malware worm that managed to infect some Fire TV devices earlier this year. One of the key ways that the worm spread was to try and locate other devices on the same network that freely accepted all ADB connections. Since ADB can be used to modify the system and install apps, the worm used the connection to spread itself.

With the new 5.2.6.6 version of Fire OS, all Fire TV models will now prompt the user to allow ADB connections. This should go a long way toward preventing any malicious devices on the same network from attacking the Fire TV. If your Fire TV ever prompts you to allow a debugging connection that you did not initiate, be sure to deny the request. That should also be your cue to investigate whether you have a malicious or infected device connected to your network.

3 comments
  1. Update 5.2.6.6 appears to disallow IP control from systems such as Control4 & Crestron. It seems like Amazon is shooting itself in the foot by this move as there are many smart home systems out there that use this facility; Is there a way to opt out of the imminent update, or will you be working towards a fix for this problem?

    If not, most people including myself and all of my clients will have to move over to Apple TV playes.

  2. B says:

    Well this just screwed the thousands of people using ADB for IP control. Thanks Amazon.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

Get AFTVnews articles in your inbox!

Get an email anytime a new article is published.
No Spam EVER and Cancel Anytime.

FOLLOW