Teamviewer vulnerable



KarameaDave
23-03-2016, 11:57 AM
As a few on here are users of this, a heads-up is in order.

http://news.softpedia.com/news/surprise-ransomware-uses-teamviewer-to-infect-victims-502006.shtml

Richard
23-03-2016, 11:59 AM
Thanks for the 'heads-up' Dave.

1101
23-03-2016, 12:37 PM
or perhaps not :)

"As Surprise ransomware victims noticed that they all had TeamViewer installed, they went on to search TeamViewer's logs, and all discovered that someone accessed their computer via TeamViewer, downloaded the suprise.exe file (ransomware's payload), and then launched it into execution, encrypting their files"

So, it could be a hacker installed TV
It could be an email asking user to 'login' into TV a/c via a bogus weblink in the email
It could be user ran a TV support link, that belonged to a hacker
It could be TV password was obtained some other way, e.g. common password, password store program hacked or accessed
etc etc

"(1) Up to now, none of the reported cases is based on a TeamViewer security breach" TV's response

1101
23-03-2016, 12:40 PM
From the forum link
"You may want to plug your email into this site and see if your credentials were ever leaked: https://haveibeenpwned.com/"

"mmm Unfortunatly i have some email address affected"
:badpc:


There may be a genuine TV issue, but I wouldn't jump to conclusions, yet.

KarameaDave
23-03-2016, 01:11 PM
But TV is the common factor in this, Yes?

1101
23-03-2016, 01:50 PM
Yep.
But nothing is proven, one way or the other, yet. A bit of caution never hurts, but surely we aren't at panic mode yet?


I wonder, does TV have built-in protection against brute force attacks? Will TV drop/block attempts to connect after too many wrong password attempts? Is this sort of thing recorded at TV's server (should be, surely)

If TV was compromised, why did they not pick the corporate or rich clients to hack into first? That would have been the best pickin.

KarameaDave
23-03-2016, 02:05 PM
No panic here, I don't use it.:)
I was merely trying to be helpful...

pctek
23-03-2016, 02:47 PM
I've never liked using those things....leaves a bloody big hole in the user's PC

1101
24-03-2016, 10:08 AM
I appreciated the heads up, but I'd bet there's more to the story
Perhaps they were all the type of user that goes to 'certain' websites. All links & all instances of this (I could find) point back to that forum & only users in that forum (that I could find)


I never install TV & leave it running (unattended access mode).
No need to, just leave the TV exe on the desktop, get the user to run it in "run only" mode when it's needed. When finished, TV closes.

It's the cheaper clones of TV that make me nervous, they are a bargain price but could never bring myself to trust them.

KarameaDave
24-03-2016, 11:23 AM
I'm sure further detail will come to light over time.

bevy121
24-03-2016, 12:24 PM
Response from TeamViewer...


In the last couple of days, some reports surfaced which linked some ransomware infections with TeamViewer. We strongly condemn any criminal activity, however, we can emphasize two aspects:

(1) Up to now, none of the reported cases is based on a TeamViewer security breach
(2) Some selected steps will help prevent potential abuse

Ad (1.): We looked thoroughly at the cases that were reported to us. According to our investigation, the underlying security issues cannot be attributed to TeamViewer. Thus far we have no evidence that would suggest any potential security breach of TeamViewer that attackers exploit. Furthermore, a man-in-the-middle attack can nearly be excluded because of TeamViewer’s deployed end-to-end encryption. Additionally, we have no reason to believe that a brute-force attack is the origin of the reported infections. TeamViewer exponentially increases the latency between connection attempts. It thus takes as many as 17 hours for 24 attempts. The latency is only reset after successfully entering the correct password. TeamViewer not only has a mechanism in place to protect its customers from attacks from one specific computer but also from multiple computers, known as botnet attacks, that are trying to access one particular TeamViewer-ID.

Apart from that, we would like to state, that none of the reports currently circulating hint at a structural deficit or a security glitch of TeamViewer.

Careless use is at the bottom of the cases we currently looked at. This particularly includes the use of the same password across multiple user accounts with various suppliers.

With many suppliers - such as TeamViewer - this does not turn out to be a problem, because appropriate security measures are in place to protect the user's data. With other suppliers, however, user data is poorly or not at all protected. These suppliers are an easy target for hackers or data thieves who subsequently sell their loot via pertinent portals, or maybe just maliciously publish the user credentials online.

As TeamViewer is a widely spread software, many online criminals attempt to log on with the data of compromised accounts (which they obtained through the aforementioned sources), in order to find out whether there is a corresponding TeamViewer account with the same credentials. If this is the case, chances are they can access all assigned devices, in order to install malware or ransomware. Yet users can protect against this problem.


Ad (2.) TeamViewer denounces any criminal ploys, and encourages users to protect themselves by adequate counter measures:

· This starts with the download: TeamViewer advises users to only use official TeamViewer channels for the download.

· Additionally, users ought to protect any user account - whether it is with TeamViewer or any other supplier - by unique and secure passwords.

· Moreover, TeamViewer encourages users to protect their TeamViewer accounts by two factor authentication. See: http://www.teamviewer.com/en/help/402-How-do-I-activate-deactivate-two-factor-authentication-for-my-TeamViewer-account.aspx

· Finally, users should make sure that their device has not already been infected by viruses, spyware or any other type of malware that hackers may use to access secret or sensitive data.

The TeamViewer support team is happy to answer any potential technical issues or queries at support@teamviewer.com.

TeamViewer recommends that users who have been the victim of criminal activities get in touch with their local police departments, in order to report their case. This is particularly important because TeamViewer is subject to very strict data protection and privacy regulations, and can release sensitive data only to authorized individuals and authorities.
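
The throttling described in the statement above (a wait that grows exponentially with each wrong password, counted against the target ID rather than the connecting machine, and reset only by a correct password), as an added example that is not part of the thread and is not TeamViewer's code. The base delay, growth factor, cap and all names are assumptions, so the timings do not reproduce the 17-hour figure.

```python
import time

BASE_DELAY = 1.0        # seconds of lock-out after the first failure (assumed)
FACTOR = 2.0            # each further failure doubles the wait (assumed)
MAX_DELAY = 6 * 3600.0  # ceiling on a single wait (assumed)

def delay_after(failures):
    """Lock-out in seconds imposed after `failures` consecutive bad passwords."""
    if failures <= 0:
        return 0.0
    return min(BASE_DELAY * FACTOR ** (failures - 1), MAX_DELAY)

def min_seconds_for(attempts):
    """Least wall-clock time in which `attempts` wrong guesses can be made."""
    return sum(delay_after(n) for n in range(1, attempts))

class TargetThrottle:
    """Counts failures per target ID, so guesses spread over many source
    machines share one counter; only a correct password clears it."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._state = {}  # target_id -> [failures, locked_until, sources]

    def attempt(self, target_id, source, check_password):
        """Return 'throttled', 'denied' or 'granted'."""
        failures, locked_until, sources = self._state.get(target_id, [0, 0.0, set()])
        now = self._clock()
        if now < locked_until:
            # Do not evaluate the password at all while locked out; otherwise
            # the lock-out would still leak whether a guess was right.
            return "throttled"
        if check_password():
            self._state.pop(target_id, None)  # reset only on success
            return "granted"
        failures += 1
        sources = sources | {source}  # kept for audit, not for counting
        self._state[target_id] = [failures, now + delay_after(failures), sources]
        return "denied"

    def failures(self, target_id):
        return self._state.get(target_id, [0])[0]
```

Because the counter belongs to the target, a lock-out also delays the legitimate owner until it expires, which is the trade-off of this design.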

KarameaDave
24-03-2016, 12:41 PM
Well then, naughty ol' users, eh?