topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Wednesday October 9, 2024, 2:39 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Last post Author Topic: TeamViewer hacked?  (Read 29215 times)

Asudem

  • Member
  • Joined in 2015
  • **
  • Posts: 132
  • C# data manipulation junkie
    • View Profile
    • Donate to Member
Re: TeamViewer hacked?
« Reply #25 on: June 05, 2016, 03:24 AM »
Update

Re_Unauthorized_Use_of_Your_PayPal_Account_-_Gmail_-_2016-06-05_01.22.35.pngTeamViewer hacked?
If I do it more than 2 times I want to automate it in C#!

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: TeamViewer hacked?
« Reply #26 on: June 05, 2016, 08:20 AM »
So when I use TeamViewer to connect to one of my family's pcs, I need to either know credentials for the PC, or have to get the user to say OK before I can connect. What am I missing? Is everyone's desktop unlocked, or you have a no password required setting somewhere?
There's a couple of possible explanations, but the TeamViewer folks haven't exactly been informative so far.

The two most likely are:
1) a (really!) badly designed protocol or (more likely) programming flaws that can be exploited remotely to circumvent the password checks.
2) that TV doesn't rate-limit connection attempts, letting attackers brute-force weak passwords.
- carpe noctem

x16wda

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 888
  • what am I doing in this handbasket?
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: TeamViewer hacked?
« Reply #27 on: June 05, 2016, 10:52 AM »
There's a couple of possible explanations, but the TeamViewer folks haven't exactly been informative so far.

The two most likely are:
1) a (really!) badly designed protocol or (more likely) programming flaws that can be exploited remotely to circumvent the password checks.
2) that TV doesn't rate-limit connection attempts, letting attackers brute-force weak passwords.
#1 would be bad, but #2 would be shameful.
vi vi vi - editor of the beast

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,188
    • View Profile
    • Donate to Member
Re: TeamViewer hacked?
« Reply #28 on: June 05, 2016, 02:37 PM »
Update

[ Invalid Attachment ]

Did you request the documentation?  You might be able to appeal it.

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 9,759
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: TeamViewer hacked?
« Reply #29 on: June 06, 2016, 12:15 AM »
Update

I suppose the next step would be to dispute the charge with your credit card company or bank and be sure to file a police report.

Also, might be a good idea to go the other way and do as PayPal suggested, which is to contact Amazon (or wherever the charges were placed) and dispute the charges.

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 9,759
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: TeamViewer hacked?
« Reply #30 on: June 06, 2016, 02:02 AM »
Small update: TeamViewer still say there is no evidence of a vulnerability on their end. They still think it's due to reused passwords; poor, easy-to-guess passwords; or malware:

The vast majority of the cases that we see have to do with there being a lot of data breaches lately, and whenever we're pointed to potential TeamViewer account abuses, we check internally to determine what we can see. And in virtually every case we see that the passwords and account credentials have been used elsewhere.

Another factor that plays a significant role is that people aren't using very strong passwords. They use the name of a spouse, of a kid, of a pet, or they simply do not have strong enough security measures in place like antimalware, antivirus, the type of thing that belongs on every computer these days.

They're not denying that TV accounts are being abused, they're just saying it's not due to a hack or vulnerability on their end:

We're not doubting TeamViewer accounts have been abused. It's just this is not because of a TeamViewer weakness. [...] Obviously, what we're not doubting is that yes, people have been ripped off by online criminals and their bank accounts may have been emptied, but again that's not [due to] a TeamViewer vulnerability.

Read more in the Ars Technica interview.

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,646
    • View Profile
    • Donate to Member
Re: TeamViewer hacked?
« Reply #31 on: June 06, 2016, 06:59 AM »
http://arstechnica.c...n-mass-account-hack/
After reading through the comments there.

Okay, this is getting ugly - where's the popcorn?

With the massive justificational back and forth, the thing that seems to be most consistently appearing is the ability of - the attackers - computer to guess X passwords per second ... which automagically makes most - if not arguably all - passwords less that 20 something characters "easily guessable. And then the "need" for 2FA get's brandished over, and over, and over... *Sigh*

Why does everybody keep glossing right past lockout limits?? I mean WTF - If a system like that is allowing 3+ login attempts per second - like anybody can actually type that fast... - without locking down the account. I don't care how many whoop-de-do factors they have in place, their system is fundamentally flawed...and the fault is theirs.

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,188
    • View Profile
    • Donate to Member
Re: TeamViewer hacked?
« Reply #32 on: June 06, 2016, 07:21 AM »
When things get ugly, there's always time for popcorn.



But yeah, I totally agree Stoic.  Anything that allows access to the internet, and controls something so sensitive, but doesn't have lockout limits is pretty stupid.

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,646
    • View Profile
    • Donate to Member
Re: TeamViewer hacked?
« Reply #33 on: June 06, 2016, 08:20 AM »
This Just In from the piss yourself laughing department.

Well, we are not testing any email/password combinations if you think that and we also can't see your passwords, since we use the Secure Remote Password (SRP) protocol and therefore do not store your passwords. What we do is check, if the email addresses used for TeamViewer, have been part of a leak. You can do so yourself using www.haveibeenpwned.com.
-TeamViewerOfficial on Reddit

Hm... the SRP protocol ... Isn't that the one that's supposed to be Dictionary Attack resistant, and perfectly secure even when weak passwords are used because the PW is never actually exchanged with the server?

Yet TV's primary defense is silly users using easy to guess - er... with a dictionary - passwords.

So they intentionally used a protocol that is designed to compensate for bad user behavior, because it compensates for bad user behavior, and then deflect blame because of bad user behavior ... Really? Is Jack Sparrow writing their PR material?


Above Quote is from here: https://www.reddit.c..._teamviewer_see_our/

Yes it's a Wikipedia link (sue me): SRP Protocol

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,913
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: TeamViewer hacked?
« Reply #34 on: June 06, 2016, 12:52 PM »
I'll just add one thing for those who aren't familiar with TeamViewer -- at least when i set up mine by default TeamViewer itself created a random password for remote access (rather thank asking me to type one in) and it was SIX characters long (and i believe it's just uppercase,lowercase,and digits).

So it would be entirely plausible that a brute force attack would be able to guess passwords.

Thankfully I do not leave TeamViewer running, and have only used it on occasion when traveling.  I have also set a long passphrase, so I should be ok, but I'll probably avoid using TeamViewer for a while just to be safe.

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,646
    • View Profile
    • Donate to Member
Re: TeamViewer hacked?
« Reply #35 on: June 06, 2016, 01:55 PM »
So it would be entirely plausible that a brute force attack would be able to guess passwords.

I'm not entirely sure it is at this point. At least not at a really high rate of speed. Because that's one of the issues that the SRP protocol -(which they say they're use)- was designed to protect against, by only allowing one login attempt per session. So if the BF attempt has to keep creating a new session, that - I would hope - would/should serve to slow down the attack quite a bit.

Asudem

  • Member
  • Joined in 2015
  • **
  • Posts: 132
  • C# data manipulation junkie
    • View Profile
    • Donate to Member
Re: TeamViewer hacked?
« Reply #36 on: June 06, 2016, 01:58 PM »
Disputing the PayPal claims, bank is being difficult about getting the affidavit to me, the seller of the digital cards is being pissy. I've deemed my computer safe, thank god. I believe having "remembered" passwords which gave easy access to the hacker saved my computer If they couldn't get what they wanted as fast as they wanted, I believe they would have uploaded loggers, viruses, backdoors, etc...

I can just see the police looking at me if I try to file this: Yes I had someone somewhere in the world who used a burner email address and who was likely behind 40 different teamviewer computers steal $400 in untraceable iTunes gift cards. Please look into it for me, thanks?

I'll file it if you guys really recommend it but I think it's just more paperwork and red tape for no results.
If I do it more than 2 times I want to automate it in C#!

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,913
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: TeamViewer hacked?
« Reply #37 on: June 06, 2016, 02:04 PM »
police not going to do anything.
but do push the bank, itunes, and paypal as they have the ability to reverse transactions.

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,188
    • View Profile
    • Donate to Member
Re: TeamViewer hacked?
« Reply #38 on: June 06, 2016, 02:15 PM »
police not going to do anything.
but do push the bank, itunes, and paypal as they have the ability to reverse transactions.

The point isn't for the police to do anything, but have an official record.  That record of facts is important in the process.  And is a lot more cogent and indeed verifiable and generates more trust than something taken over the phone.  It's to preserve your rights, and theirs, and keep things above board.  I'd still recommend doing it.  I had something similar happen, and had to file a report.  It was a pain, but when they ask you to do something, I've found it's better to just bite the bullet and do it.

I'll just add one thing for those who aren't familiar with TeamViewer -- at least when i set up mine by default TeamViewer itself created a random password for remote access (rather thank asking me to type one in) and it was SIX characters long (and i believe it's just uppercase,lowercase,and digits).

So it would be entirely plausible that a brute force attack would be able to guess passwords.

Thankfully I do not leave TeamViewer running, and have only used it on occasion when traveling.  I have also set a long passphrase, so I should be ok, but I'll probably avoid using TeamViewer for a while just to be safe.

They're not talking about access passwords- those are generated on a per use basis.  They're talking about the master account password- a totally different animal.

xtabber

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 618
    • View Profile
    • Donate to Member
Re: TeamViewer hacked?
« Reply #39 on: June 06, 2016, 02:46 PM »
TeamViewer has introduced some new features to make it harder to take over a user's computer from an unauthorized remote computer.

TeamViewer says that they were not hacked, and I tend to believe them.  However there is currently a thriving online market in passwords stolen from various sites (LinkedIn, Adobe, etc...), so perhaps the most important step in protecting oneself from hacking is to use significantly different passwords for different sites.  Long ones!

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: TeamViewer hacked?
« Reply #40 on: June 06, 2016, 02:47 PM »
Hm... the SRP protocol ... Isn't that the one that's supposed to be Dictionary Attack resistant, and perfectly secure even when weak passwords are used because the PW is never actually exchanged with the server?
Isn't the main point of SRP that you're authenticated through establishing proof of you knowing the password, without actually sending the password? There's nothing about that which prevents dictionary attacks or (other forms of) brute-forcing.

Requring a new session per login attempt isn't a bad idea, but it's more important to pad out the first couple of login attempts to several-hundred milliseconds and then do exponential backoff (with some upper limit to avoid people locking you out of your account by sending bad guesses), and perhaps some temporary IP ban after a number of failed attempts. You need to balance user friendliness (and aforementioned malicious lockout) against mitigating brute-force attacks.
- carpe noctem

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 9,759
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: TeamViewer hacked?
« Reply #41 on: June 06, 2016, 02:57 PM »
police not going to do anything.
but do push the bank, itunes, and paypal as they have the ability to reverse transactions.

I was a victim of "identity theft" about 10-15 years ago (holy carp has it been so long?). I notified my bank of fraudulent activity, and the bank required me to send them a police report.

AFAIK, even though the police investigated the crime, they never found the perpetrator, who I assume got to keep the stuff he bought with my money1. But the important thing (to me) is that I got my money back.

But the point is that it required a police report to do so.



1 Actually, he didn't spend much of my money because he overdrafted my account (which is how I noticed the fraud so soon), so most of the money he spent wasn't really mine.
« Last Edit: June 06, 2016, 03:32 PM by Deozaan »

IainB

  • Supporting Member
  • Joined in 2008
  • **
  • Posts: 7,543
  • @Slartibartfarst
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: TeamViewer hacked?
« Reply #42 on: June 06, 2016, 03:59 PM »
...Thankfully I do not leave TeamViewer running, and have only used it on occasion when traveling.  I have also set a long passphrase, so I should be ok, but I'll probably avoid using TeamViewer for a while just to be safe.
_________________________

I similarly only need to use TeamViewer infrequently, but when I have needed to use it it has always proved itself very useful, so I don't wish to expunge the app. I always considered that it carried a serious potential risk of offerring a wide-open access door to hackers, so I would usually shutdown TV to reduce the risk and the system overhead. However, there is a tenacious TV service that remains active if one forgets to stop it.

After this apparent hack I have blocked TV access in the firewall (using Windows Firewall Control) - merely by making the several TV "Allow" entries "Block". I can always unblock it when I need to use it. I could equally have Disabled them. I should probably have done that at the outset actually, considering the potential risks.    :-[

Asudem

  • Member
  • Joined in 2015
  • **
  • Posts: 132
  • C# data manipulation junkie
    • View Profile
    • Donate to Member
Re: TeamViewer hacked?
« Reply #43 on: June 06, 2016, 06:22 PM »
TeamViewer has introduced some new features to make it harder to take over a user's computer from an unauthorized remote computer.

TeamViewer says that they were not hacked, and I tend to believe them.  However there is currently a thriving online market in passwords stolen from various sites (LinkedIn, Adobe, etc...), so perhaps the most important step in protecting oneself from hacking is to use significantly different passwords for different sites.  Long ones!

My passwords are created using KeePass. No two passwords are the same. Just throwing my 2 cents into the fray.

Police "Incident" has been filed. No report was made because they said there was nothing they could do, which I went in knowing. They did say, however, if their systems ever got hacked they would contact me... whatever that means? I think they were impressed with my documentation...  :Thmbsup:
If I do it more than 2 times I want to automate it in C#!

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,646
    • View Profile
    • Donate to Member
Re: TeamViewer hacked?
« Reply #44 on: June 07, 2016, 05:58 AM »
Hm... the SRP protocol ... Isn't that the one that's supposed to be Dictionary Attack resistant, and perfectly secure even when weak passwords are used because the PW is never actually exchanged with the server?
Isn't the main point of SRP that you're authenticated through establishing proof of you knowing the password, without actually sending the password? There's nothing about that which prevents dictionary attacks or (other forms of) brute-forcing.

I was just having a bit of fun with the bullet point level description of what the protocol does vs. TV description of what was likely to have - couldn't be their fault happened. So preventing it no - I'd already questioned the apparent lack of lockouts earlier. It just strikes me that the way the protocol is designed it inherently mitigates BFing by eating up time with procedural shenanigans, thereby reducing the rate that guesses can be made at.


Requring a new session per login attempt isn't a bad idea, but it's more important to pad out the first couple of login attempts to several-hundred milliseconds and then do exponential backoff (with some upper limit to avoid people locking you out of your account by sending bad guesses), and perhaps some temporary IP ban after a number of failed attempts. You need to balance user friendliness (and aforementioned malicious lockout) against mitigating brute-force attacks.

Totally agree ... I wonder if that type of system could be packaged into a drop-in/plug-in type module for some of the existing web systems currently available?


Asudem

  • Member
  • Joined in 2015
  • **
  • Posts: 132
  • C# data manipulation junkie
    • View Profile
    • Donate to Member
Re: TeamViewer hacked?
« Reply #45 on: June 07, 2016, 11:01 AM »
PayPal accepted my appeal!  ;D

Now to close my bank account, as the bank says I will be 100% liable for any future fraud regarding that account.
If I do it more than 2 times I want to automate it in C#!

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,188
    • View Profile
    • Donate to Member
Re: TeamViewer hacked?
« Reply #46 on: June 07, 2016, 03:04 PM »
PayPal accepted my appeal!  ;D

Now to close my bank account, as the bank says I will be 100% liable for any future fraud regarding that account.

Congratulations!  I figured they would if pressed- there seems to be no reason for them to have denied it in the first place.

skwire

  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 5,286
    • View Profile
    • Donate to Member
Re: TeamViewer hacked?
« Reply #47 on: June 08, 2016, 05:23 PM »
In situations like this and, say, all types of insurance claims (medical, auto, etc.), I get the feeling these companies deny the initial claim just to see if the person will actually fight it.  They risk nearly nothing by denying the claim.  Either the person doesn't fight and the company doesn't have to pay or, the person does fight it and they enter into the process of actually investigating the claim.  It might not actually be this way but, when you're on the end of a quick initial claim denial, it sure seems so...especially if they reverse course and honour the claim a short time later.

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,913
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: TeamViewer hacked?
« Reply #48 on: June 08, 2016, 05:40 PM »
I get the feeling these companies deny the initial claim just to see if the person will actually fight it.
yep, absolutely common practice.