While performing a physical penetration test, you discover several company-issued Android phones charging on a public USB hub. The handsets are locked, but you confirm that the Developer Options menu shows "USB debugging" enabled and the devices display the prompt "USB debugging connected." Which mobile platform attack vector would let you deliver and install a backdoored APK onto these phones without needing to unlock the screens or obtain user interaction?
Initiate an Android Debug Bridge session over the active USB-debugging link and run an adb install command to sideload the malicious APK.
Use an NFC beaming exploit to push the application package via Android Beam when you bring an NFC transceiver close to each phone.
Launch a tapjacking attack that overlays deceptive buttons prompting the user to approve the installation when they next unlock the device.
Send proactive SIM Toolkit commands over the cellular network to force the handset to download and execute the malicious application.
With USB debugging enabled, an attacker can attach a laptop and start an Android Debug Bridge (ADB) session. ADB trusts the connected host once its RSA key has been accepted (or, on some older devices, automatically). Using the command "adb install <malware.apk>", the attacker can push and silently install an application package, giving them code execution inside the device's user space. Tapjacking relies on tricking users into tapping UI elements, which is impossible while the screen is locked. NFC beaming requires proximity and user confirmation on modern Android versions. SIM Toolkit proactive commands cannot directly install arbitrary APK files without carrier involvement and handset interaction. Therefore, abusing ADB over USB debugging is the only viable vector in this scenario.
Certified Ethical Hacker (CEH)
Mobile Platform, IoT, and OT Hacking