Home | Blog | Software | Reviews and Features | Forum | Help | Donate | About us
topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • September 29, 2016, 03:30:31 AM
  • Proudly celebrating 10 years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Last post Author Topic: TeamViewer hacked?  (Read 3800 times)

mwb1100

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,515
    • View Profile
    • Donate to Member
TeamViewer hacked?
« on: June 01, 2016, 06:51:45 PM »
I don't use TeamViewer, but I know that it has been discussed several times here as a solution for remote access to PCs.  It's being reported that TeamViewer's systems have been hacked and that the attackers used the access they gained to also access end-user machines.

The reports include PayPal accounts being emptied and items ordered from Amazon and eBay.

  - http://www.theregist..._mass_breach_report/
  - https://www.reddit.com/r/teamviewer

« Last Edit: June 01, 2016, 09:46:29 PM by mouser »

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 36,265
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: TeamViewer hacked?
« Reply #1 on: June 01, 2016, 06:53:49 PM »
Thanks for the update, that's a scary possibility.  I'll note from the web page that TeamViewer denies they've been hacked.

But it sounds like those of us who have TeamViewer running in the background need to keep a close eye on it and maybe disable it for now if feasible.

mwb1100

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,515
    • View Profile
    • Donate to Member
Re: TeamViewer hacked?
« Reply #2 on: June 01, 2016, 07:07:24 PM »
TeamViewer denies they've been hacked.

That's true: https://www.teamview...-teamviewer-hackers/

However there are a lot of people on reddit reporting being attacked, and the reports seem to be spiking today - a week after the TV denial (which strikes me as curious, but I don't know the history behind this story yet).  Maybe it's a case of Teamviewer users being easier than usual targets for some reason or that they are targets that have higher than usual 'yields' for the hackers.  So as you said, it would be wise to be cautious.

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 7,650
    • View Profile
    • The Blog of Deozaan
    • Read more about this member.
    • Donate to Member
Re: TeamViewer hacked?
« Reply #3 on: June 01, 2016, 09:27:48 PM »
Should we perhaps changed the topic to a question, instead of stating it like fact?


mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 36,265
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: TeamViewer hacked?
« Reply #4 on: June 01, 2016, 09:46:37 PM »
good idea, done.

mwb1100

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,515
    • View Profile
    • Donate to Member
Re: TeamViewer hacked?
« Reply #5 on: June 02, 2016, 01:35:41 AM »
A more recent blog posting indicates that a trojan attached to a compromised Adobe Flash update package installs the TeamViewer client that is used to access end user machines:

  - https://www.teamview...kdoor-teamviewer-49/

If I understand this correctly, this means that you don't have to have installed TeamViewer yourself. Or something. To be honest I'm not exactly sure what's going on, other than it doesn't seem to be anything good.

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,027
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: TeamViewer hacked?
« Reply #6 on: June 02, 2016, 03:13:58 AM »
I know a few people who use TeamViewer that have, by chance, seen people taking control of their machines.

It's a pretty convenient application, but I really, really, really wouldn't leave it directly accessible from the internet all the time. I don't know if it has exploits, a weak/broken security protocol, or simply doesn't have any anti-bruteforce mechanisms built-in, but something's definitely too weak.
- carpe noctem

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,265
    • View Profile
    • www.StoicJoker.com
    • Donate to Member
Re: TeamViewer hacked?
« Reply #7 on: June 02, 2016, 06:53:27 AM »
The "careless use" disclaimer strikes me as a bit disingenuous when it's rather obvious someone is working their block quite hard. However that being said, I have long loathed the idiotic habit of 3rd party "Support" personnel installing remote access app X on everything from workstations to servers and then just orphaning it leaving people exposed by its then ongoing connection opportunity.

Any access hole poked into a network must be sealed the instant it is no longer absolutely necessary ...Period.

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 8,275
  • "In my dreams, I always do it right."
    • View Profile
    • Donate to Member
Re: TeamViewer hacked?
« Reply #8 on: June 02, 2016, 11:03:42 AM »
The "careless use" disclaimer strikes me as a bit disingenuous when it's rather obvious someone is working their block quite hard. However that being said, I have long loathed the idiotic habit of 3rd party "Support" personnel installing remote access app X on everything from workstations to servers and then just orphaning it leaving people exposed by its then ongoing connection opportunity.

Any access hole poked into a network must be sealed the instant it is no longer absolutely necessary ...Period.

I was calling work for support while I was at home.  I access the work network by using mstsc through a portal to contact my work laptop instead of taking it home.  The support personnel said "can I install on your machine (whatever remote control they use).  I promptly said no.  Especially as the evidence I'd given them was more than enough to point to the true problem- something going on with the portal.  But even if it had not, I would have said no.  What they do with their own property is their business.  But the crap this stuff installs- from join.me (which has started to try to install when used) to omnijoin (the same) is really annoying for the use its put to, and this is a good example of why I feel that way.

Tuxman

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,750
    • View Profile
    • Donate to Member
Re: TeamViewer hacked?
« Reply #9 on: June 02, 2016, 12:37:34 PM »
There is no sane reason to use TeamViewer which, by defaults, routes your shared desktop over U.S. servers.

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 8,275
  • "In my dreams, I always do it right."
    • View Profile
    • Donate to Member
Re: TeamViewer hacked?
« Reply #10 on: June 02, 2016, 01:56:18 PM »
There is no sane reason to use TeamViewer which, by defaults, routes your shared desktop over U.S. servers.

I'm assuming that traffic is encrypted (though I don't use it, I recognize that it's a useful tool for some)

Tuxman

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,750
    • View Profile
    • Donate to Member
Re: TeamViewer hacked?
« Reply #11 on: June 02, 2016, 02:03:36 PM »
For what reason do you assume that? Good faith?

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 8,275
  • "In my dreams, I always do it right."
    • View Profile
    • Donate to Member
Re: TeamViewer hacked?
« Reply #12 on: June 02, 2016, 03:15:10 PM »
For what reason do you assume that? Good faith?

I assume it because (a) I'm not using it, (b) it would make sense to do so, and (c) I'm too lazy and don't care enough to check it.  Mostly (a), but really (c).

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 36,265
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: TeamViewer hacked?
« Reply #13 on: June 02, 2016, 03:22:18 PM »
It's a pretty safe assumption -- it would be unfathomable for such a mature enterprise-level product not to use encryption for something like this.

And in fact you can read about the encryption they use here:
https://www.teamviewer.com/en/security/

Quote
"TeamViewer includes encryption based on 2048 RSA private-/public key exchange and AES (256 bit) session encryption. This technology is based on the same standards as https/SSL and meets today's standards for security. The key exchange also guarantees full, client-to-client data protection. This means that even our routing servers are not able to read the data stream."

Tuxman

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,750
    • View Profile
    • Donate to Member
Re: TeamViewer hacked?
« Reply #14 on: June 02, 2016, 03:25:20 PM »

Asudem

  • Member
  • Joined in 2015
  • **
  • Posts: 100
  • C# data manipulation junkie
    • View Profile
    • Donate to Member
Re: TeamViewer hacked?
« Reply #15 on: June 03, 2016, 12:44:49 PM »
I just woke up to a "Thank You For Using TeamViewer" popup this morning guys... I did not remote into my own computer while i was in bed last night...


Ummmmmmmm
If I do it more than 2 times I want to automate it in C#!

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 7,650
    • View Profile
    • The Blog of Deozaan
    • Read more about this member.
    • Donate to Member
Re: TeamViewer hacked?
« Reply #16 on: June 03, 2016, 01:29:09 PM »
TeamViewer just announced some new features that appear to be related to this: Trusted Devices (2FA on devices connecting for the first time) and Data Integrity (forced password reset due to suspicious activity)

https://www.teamview...-and-data-integrity/


Asudem

  • Member
  • Joined in 2015
  • **
  • Posts: 100
  • C# data manipulation junkie
    • View Profile
    • Donate to Member
Re: TeamViewer hacked?
« Reply #17 on: June 03, 2016, 01:36:38 PM »
Oh the hack is very real. Someone logged into my computer at about 6am and went to eBay and bought themselves $400 in iTunes giftcards and then tried to buy $200 in PlayStation giftcards from amazon.
If I do it more than 2 times I want to automate it in C#!

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 8,275
  • "In my dreams, I always do it right."
    • View Profile
    • Donate to Member
Re: TeamViewer hacked?
« Reply #18 on: June 03, 2016, 01:50:13 PM »
Oh the hack is very real. Someone logged into my computer at about 6am and went to eBay and bought themselves $400 in iTunes giftcards and then tried to buy $200 in PlayStation giftcards from amazon.

Why are you continually running it?

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,265
    • View Profile
    • www.StoicJoker.com
    • Donate to Member
Re: TeamViewer hacked?
« Reply #19 on: June 04, 2016, 08:27:42 AM »
Man talk about sticking hard to the cover story...

Quote from: TV Blog
As you have probably heard, there have been unprecedented large scale data thefts on popular social media platforms and other web service providers. Unfortunately, credentials stolen in these external breaches have been used to access TeamViewer accounts, as well as other services.

We are appalled by the behaviour of cyber criminals, and are disgusted by their actions towards TeamViewer users. They have taken advantage of common use of the same account information across multiple services to cause damage.


Trying to hard much???

And how exactly do they explain (away) the part where it is mainly (read only) the TV v11 users that are getting "randomly" hit??

Then there's the we're not going to call it a (security) update...update. That they hung together in only days after - but not in response to - the not attack.


Saving face is one thing ... But this is just sad.


Given the issues we've been having with our current SSL Trusted Root signed VNC variant. I've been looking for something mainstream that our company can jump to for remote support, that won't constantly waste time talking end users through security warning.

Hay did I mention that this is a digitally signed by an SSL trusted root certificate provider that still constantly gets flagged by damn near everything??? (Signed binaries my ass)

Anyhow TV was on my list of -(mainstream)- replacement companies to investigate last week ... But they're not on that list anymore.

Jibz

  • Developer
  • Joined in 2005
  • ***
  • Posts: 1,119
    • View Profile
    • Donate to Member
Re: TeamViewer hacked?
« Reply #20 on: June 04, 2016, 09:40:35 AM »
So what is a good alternative? I haven't tried it, but I've heard NoMachine mentioned?

Asudem

  • Member
  • Joined in 2015
  • **
  • Posts: 100
  • C# data manipulation junkie
    • View Profile
    • Donate to Member
Re: TeamViewer hacked?
« Reply #21 on: June 04, 2016, 03:40:54 PM »
Oh the hack is very real. Someone logged into my computer at about 6am and went to eBay and bought themselves $400 in iTunes giftcards and then tried to buy $200 in PlayStation giftcards from amazon.

Why are you continually running it?
I use it to remote in from mobile. Not anymore though.
If I do it more than 2 times I want to automate it in C#!

Zero3K

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 221
    • View Profile
    • Donate to Member
Re: TeamViewer hacked?
« Reply #22 on: June 04, 2016, 10:10:07 PM »
So what is a good alternative? I haven't tried it, but I've heard NoMachine mentioned?

I am using Brynhildr as my RAT. You can get it by going to http://blog.x-row.net/?p=2455#download. There is also a QT based client available at https://github.com/f...qtbrynhildr/releases.

x16wda

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 671
  • what am I doing in this handbasket?
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: TeamViewer hacked?
« Reply #23 on: June 04, 2016, 10:22:43 PM »
So when I use TeamViewer to connect to one of my family's pcs, I need to either know credentials for the PC, or have to get the user to say OK before I can connect. What am I missing? Is everyone's desktop unlocked, or you have a no password required setting somewhere?
vi vi vi - editor of the beast

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 7,650
    • View Profile
    • The Blog of Deozaan
    • Read more about this member.
    • Donate to Member
Re: TeamViewer hacked?
« Reply #24 on: June 04, 2016, 11:24:57 PM »
So when I use TeamViewer to connect to one of my family's pcs, I need to either know credentials for the PC, or have to get the user to say OK before I can connect. What am I missing? Is everyone's desktop unlocked, or you have a no password required setting somewhere?

It's possible to set up unattended access, so you can remote into your own system without having to have someone there click OK or tell you a code. But in order to do so, someone would still need to be logged in as you, using your TeamViewer account username/password combination. Or something.