Kos of kos.io joins us to demonstrate his lethal Android hacking toolkit – P2P-ADB. Taking advantage of USB Debug Mode, Root, and some crafty hacks Kos’ toolkit enables the bypassing of lock screens, making system changes and even “backing up” Android profiles, all from one phone to another. Kos goes on to perform an Auth token cloning attack, enabling an attacker to gain access to a victims Google account, change the password, or even setup a one-time-password for themselves if two-factor-authentication is enabled. The open-source P2P-ADB framework is available from http://kos.io and requires a rooted Android and OTG cable.