How secure “AMMYY Admin” is – thoughts and results

2012.05.29

Another recent review of mine, this time of the AMMYY Admin software, usually used for quick and easy remote access to a computer.

Pros:

1. Fast [it is damn fast, indeed]

2. Simple for the end user: Click – Run – Spell – Approve.

3. No installation required (possible, but not mandatory), and free.

4. Embedded File Explorer to transfer files between computers (both ways).

5. Secure [so they say, at least!] …

Let’s see. What else do we know about it?

1. You run the client and get an ID. If You run several computers in a row, the ID numbers increase (sometimes by +2, sometimes by +4), so eventually You can guess the ID of a newly started client.

2. The AMMYY ID of a PC is not that simple for an average user to renew (I still haven’t found how, but I’m sure it is there), so once assigned, the ID is effectively permanent per machine.

3. To get access, You only need to press Accept in a small pop-up window like this:

Looks friendly and “trust me, I know what to do”, no? 🙂 So accepting a remote connection requires only one click from the user.

4. Take a good look at what is enabled on the Accept window [previous screenshot]. File Manager? Yes. With System permissions by default 🙂 See Screenshot2:

So, once the client has approved the connection, the remote user has high-level access to the file system.

5. Last but not least, as You may see in the default configuration for Network:

Both direct TCP connections are allowed and port 5931 is listening. Actually, I didn’t find a way to connect through IP:Port to AMMYY yet, but at least we have the data needed.

6. And finally, when minimized, AMMYY goes directly to the tray. On newer Vista\Win7 systems it completely disappears from the user’s eyes. And it continues to run. 🙂
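Points 5 and 6 above (a listener on TCP 5931 by default, and a client that keeps running hidden in the tray) are easy to miss on a user’s machine. As an added example, not from the original post and not AMMYY’s own tooling, here is a PowerShell check an administrator can run to find what is listening on that port and whether such a process is still running without a visible window; the port number is the one shown in the post, while the process-name pattern is an assumption to adjust to the actual binary name in Your environment.

```powershell
# Added example: report anything on this host listening on the AMMYY default
# port (5931, per the post's Network screenshot) and any process whose name
# looks like AMMYY but has no visible window (i.e. hidden in the tray).
# Requires Windows 8 / Server 2012 or newer (Get-NetTCPConnection).

param(
    [int]$AmmyyPort = 5931,          # default port from the post
    [string]$NamePattern = 'ammyy*'  # ASSUMPTION: adjust to the real binary name on your systems
)

function Find-AmmyyListener {
    param([int]$Port)
    # Listening TCP sockets bound to the given local port, with the owning process
    Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                LocalAddress = $_.LocalAddress
                LocalPort    = $_.LocalPort
                Pid          = $_.OwningProcess
                ProcessName  = if ($proc) { $proc.ProcessName } else { '<unknown>' }
                Path         = if ($proc) { $proc.Path } else { '<unknown>' }
            }
        }
}

function Find-AmmyyProcess {
    param([string]$Pattern)
    # Matching processes; HasVisibleWindow is $false for a client minimized to the tray
    Get-Process -Name $Pattern -ErrorAction SilentlyContinue |
        Select-Object Id, ProcessName, Path, StartTime,
            @{ Name = 'HasVisibleWindow'; Expression = { $_.MainWindowHandle -ne 0 } }
}

$listeners = @(Find-AmmyyListener -Port $AmmyyPort)
$procs     = @(Find-AmmyyProcess -Pattern $NamePattern)

if ($listeners.Count -eq 0 -and $procs.Count -eq 0) {
    Write-Output "No listener on TCP $AmmyyPort and no process matching '$NamePattern'."
} else {
    Write-Output "Listeners on TCP ${AmmyyPort}:"
    $listeners | Format-Table -AutoSize
    Write-Output "Processes matching '$NamePattern':"
    $procs | Format-Table -AutoSize
}
```

Run it in an elevated PowerShell so that the owning process and path of the listening socket can be resolved; a hit with HasVisibleWindow equal to False is exactly the “disappeared but still running” case described in point 6.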

Now, as a “pure evil” Black Hat hacker, let’s combine these :))

Open AMMYY, check Your ID, add +1 and enter it in the Connect window. Press Connect.

And wait for authorization from the remote computer.

Responses of AMMYY:

The Computer ID=[NUMBER] wasn’t found – the computer with this ID is not present, or is offline.

Waiting for authorization from remote PC – the computer is online, the request was sent, waiting for user action.

Remote computer rejected your query to access – the user declined Your request.

Exceeded session limit – someone is already connected.

Now, the final results, without a HOWTO:

  • In a properly caught sequence, every second computer is online.
  • Every fourth computer of those online approves Your request to connect – 25 % success.
  • If You retry the request 2-3 times to the same ID, success is up to 50%.
  • Of 10 computers that rejected the initial session, 33% allowed access when the attempt was repeated within a 24-hour period.
  • Almost 30% of all computers once successfully identified as online remain available for a significant amount of time later (tested for 2 weeks).
  • None of the clients that approved a connection had disabled the File Explorer feature of AMMYY.

And finally, I was in the middle of typing my ideas to AMMYY tech support when I found this thread on the support forum:

http://forum.ammyy.com/viewtopic.php?f=2&t=2450

It is dated 19.09.2010. [if deleted – I have screenshots]. Nothing to add: the problem is acknowledged by the vendor. Solution: change it Yourself.

Actually, AMMYY has a lot of good, useful and handy features indeed, including security improvements. But this piece of software is advertised as SIMPLE RUN & USE, so all customers use it that way. So, as You may see, they have a security problem.

By the way, it is not a problem at all to enumerate the IDs of online AMMYY users.

Please use safe software, teach Your customers how to use it, and have a great day.

🙂


2 comments

  1. Nice info… this tool itself looks good but with a potential security risk… Thanks

    Noor, 06/12/2013
  2. How is there a security problem if the user has to explicitly give permission to connect?
    I.e. if a user is stupid enough to accept random connections then the user is the security problem.

    Pingdang, 20/09/2016
