If you have ever installed Kodi on an Amazon Fire TV Stick or Box, then your device is vulnerable to a hack that will take over your device by installing an Android malware program called ADB.Miner.
What is ADB.Miner?
ADB.Miner is part of a malware bot-net will use your device’s CPU to mine for crypto-currencies. Such malware will definitely slow down your device, bottleneck your internet bandwidth, and have even been known to overheat and even destroy the device.
The above screenshot is from Shodan.io and shows Amazon Fire TV devices that are open to getting hacked via ADB.
How Is My Fire Stick Vulnerable?
You see, just about every tutorial on the internet that shows you how to install Kodi on a Fire TV Stick will start off with a step where you enabled ADB Debugging.
ADB stands for Android Development Bridge and opens up the device to listen to commands over port 5555. One such command will transfer an APK file and install the app on the device… all remotely over the network. That’s exactly how the adbLink method of installing Kodi works.
Well, the problem is that any device with access to your network can push an app to your Fire Stick if you left ADB Debugging on.
That’s how ADB.Miner spreads. It manages to get installed on one device, and as soon as that device accesses your home network, it scans for devices with port 5000 and pushes the malware to those devices as well.
Warning: It’s Stupid Easy to Hack into People’s Fire Sticks
I did it myself! I’m no hacker, but I took a few minutes and hacked into someone’s Fire Stick. (Sorry random guy in the UK who was just finishing a movie)
How, you ask? Well, using Shodan, I got a list of IP addresses of Fire TV devices with ADB exposed. I just opened up adbLink which I used to install Kodi on my Fire Stick, and I just added another device using that IP. Voila! I was able to browse and download files from their device (but I didn’t), I could install an app (but I didn’t), and I could even take a screen capture with the click of the button. That’s how I know the person was finishing a movie. It showed the ending credits.
Obviously, I’m not malicious and am not going to start hacking a bunch of people, but it really opened my eyes as to how easy it is for someone to spread malicious apps for their own financial gain.
How to Prevent Getting Hacked (if not already)
It’s very simple actually. On your Fire TV device, just go to Settings > Device > Developer Options > ADB debugging and switch it OFF.
How to Check If I’m Hacked Already
This malware installs in the form of an app called “Test”. Unfortunately, it doesn’t simply show up in your list of apps. The only way to tell if you have it is by searching on your Fire TV device for an app called Total Commander and using that to look in the “Installed Apps” folder to see if you have an app called “Test”. If so, your device is infected.
How to Clean My Infected Fire TV Device
If your device is indeed infected with this ADB.Miner malware, you have a few options. AFTVNews has 3 different methods to clean it up including doing a factory reset, simply uninstalling the malware, and even a clever method of installing a modified version of the malware app that has a higher version number but is actually clean of any malware.
Share and Comment?
I really hope this has been informative and helpful for you.
We really need to get the word out about this because there are so many people that are left vulnerable with this. Please share this post with anyone you know that uses Kodi on a Fire TV device.
Also if you have any comments or questions, please leave them below. Thanks!
Ok I put my ADV …OFF. Went to Total Commander. I was concerned about this statement before downloading….CAUTION: rooting and root brushing your mobile device can compromise its performance. Main features-Copy. Can you explain it that is something to be aware of it will harm my Fredrick performance BEFORE I download it please? Thank You
See the sentence right before that… “Total Commander also supports root functions, but does not require them.” You don’t need root permission, so no worries.
My son has experienced his firestick moving on its own. So i assume that this is probably what is happening to his device. I actually habe 3 devices in my house. When you say factory reset does that mean that i have to redownload everything i have on the device?
Yes, factory reset means you would need to install everything again.
If you turn the ABD back to off, will Kodi still work once it’s downloaded?
Yes.
I never installed Kodi but my firestick is hacked stuck on Amazon screen.
If ADB debugging is disabled, assuming no malicious add-ons have been downloaded and installed, is my FireStick relatively safe? I would be using a VPN.
Yeah, you’re probably good. In updates that have come out since this post, Amazon has introduced a popup that you have to accept when someone tries an ADB connection. That pretty much resolved the risk that was there before.