
UIAutomator2 lets anyone on the network control/view your device!

I discovered something very concerning just now.

When using uiautomator2, which is what GramAddict is based around, it silently installs the application ATX-Agent on your device, which opens a webserver on TCP port 7912, that lets anyone on the network, with ZERO form of authentication, execute code, install apps, exfiltrate private data etc. on your device and view the screen remotely.

As soon as you’re running GramAddict, this webserver is started. This is a HUGE security concern, and should be addressed immediately!

Try it yourself:

  1. Find the Wi-Fi IP address of your device: adb shell ip route | awk '{print $9}' (NOTE: It is trivial for anyone on the same network to discover your device and the running webserver)

  2. Run GramAddict as usual.

  3. Using another device on the same network, go to http://[PHONE IP]:7912 in your browser.

This is what you’re presented with: [screenshots of the ATX-Agent web interface, censored for my privacy]

(Not showing the API page, as it exposes too much personal info. You can view its endpoints and capabilities at the ATX Agent page linked above)

This is extremely worrying!
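A defender-side check for the exposure described in this issue, added here as an example (it is not code from GramAddict, uiautomator2 or the reporter): it reads the kernel socket tables of an adb-attached device and reports whether TCP port 7912 is listening on anything other than loopback. It assumes `adb` is on PATH and that the adb shell user can read `/proc/net/tcp` and `/proc/net/tcp6`, which holds on many but not all Android builds.

```python
"""Check whether an adb-attached Android device exposes ATX-Agent's port 7912
beyond loopback. Added example; assumes adb on PATH and readable /proc/net/tcp*."""
import subprocess

ATX_AGENT_PORT = 7912
LISTEN = "0A"   # socket state code for LISTEN in /proc/net/tcp and tcp6


def _scope(addr_hex):
    """Classify a /proc/net/tcp* local address (hex, little-endian words)."""
    if addr_hex.strip("0") == "":
        return "any"                                    # 0.0.0.0 or ::
    if len(addr_hex) == 8 and addr_hex.endswith("7F"):
        return "loopback"                               # 127.x.x.x
    if addr_hex == "00000000000000000000000001000000":
        return "loopback"                               # ::1
    return "specific"


def listeners(proc_net_tcp_text):
    """Return (port, scope) for each LISTEN entry in /proc/net/tcp or tcp6 text."""
    found = []
    for line in proc_net_tcp_text.splitlines()[1:]:     # first row is the header
        fields = line.split()
        if len(fields) >= 4 and fields[3] == LISTEN:
            addr_hex, port_hex = fields[1].rsplit(":", 1)
            found.append((int(port_hex, 16), _scope(addr_hex)))
    return found


def exposed_ports(*proc_net_tcp_texts):
    """Ports listening on a non-loopback address across the given tables."""
    return sorted({port for text in proc_net_tcp_texts
                   for port, scope in listeners(text) if scope != "loopback"})


def atx_agent_exposed(serial=None):
    """True if the device exposes port 7912 to the network, not just loopback."""
    base = ["adb"] + (["-s", serial] if serial else [])
    tables = [subprocess.run(base + ["shell", "cat", path], capture_output=True,
                             text=True, check=True).stdout
              for path in ("/proc/net/tcp", "/proc/net/tcp6")]
    return ATX_AGENT_PORT in exposed_ports(*tables)


if __name__ == "__main__":
    print("ATX-Agent reachable from the network:", atx_agent_exposed())
```

Note that a Go service bound to `:7912` usually shows up only in the tcp6 table as a wildcard `::` listener, which is why both tables are read.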

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Comments: 18 (13 by maintainers)

Top GitHub Comments

2 reactions
itsallmathematics commented, Feb 19, 2021

I saw the help-wanted tag on this. I’m new to GramAddict and don’t know the codebase super well (nor have I programmed with UIAutomator2 before), but would be happy to help any way that I could. I mostly do software security development work & research.

1 reaction
Prisscillia commented, Feb 19, 2021

@itsallmathematics @narkopolo Just a heads up I was planning on forking this repo and reading through the code base in an attempt at the same thing. Hopefully we can get this fixed together
