The security of ADB over USB is rather a mystery. Since some Android version 
(Jelly Bean?), Android needs confirmation of fingerprint of the host when 
connecting over USB (!). Sure, even authentication of USB host has some merit, 
which I am not going to discuss right now. However, when enabling network ADB, 
it always used to warn that it is not secure. I've never dared to enable it. 
Maybe it was some leftover warning. Maybe it just authenticates without 
encryption, which might be OK for some limited purposes. Maybe the 
authentication is missing or insufficient when using network ADB. (For example, 
authenticating just initial handshake packets might be reasonable for some USB 
threat model, but it can be hardly reasonable for network threat model.) Unless 
you find some details that I was unable to find few years ago, I can hardly 
consider it as secure.

Moreover, this option seems to be missing on Android 6.0.1 on BlackBerry PRIV. 
Maybe it is removed by Google, maybe it is just disabled by BlackBerry.

Rather than ensuring that network ADB is secure enough, it seems to be much 
simpler to use USB. If the phone resets USB when moved from one VM to another 
one, there is a workaround od running ADB in the USBVM. This is surely 
suboptimal for security (risks of compromising USBVM) and convenience, but it 
works.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/308ed035-a5e8-447f-ab55-b2a863d53ae3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to