
In the last day or two, there has been a spate of posts by TeamViewer users claiming that their computers have been hijacked by malicious hackers, their PayPal and other banking accounts emptied, their webmail accessed, and malicious software installed.

And the victims seem to believe the attacks are linked to their use of TeamViewer.


Hold on a minute. What’s TeamViewer?

It’s a piece of software popularly used for remote desktop access.

In other words, if you have a problem with your computer, an IT guy can use TeamViewer to remotely access your computer from anywhere else in the world. With TeamViewer, someone can’t just see what’s on your computer screen. They can also take control of your mouse and keyboard.

It’s as though they’re sitting right in front of your computer.

And it’s not just your computer. TeamViewer has remote-control clients for iOS and Android, as well as Windows, OS X, Linux, and Chrome OS.

Sounds neat! If a hacker isn’t able to exploit it…

Yes, it’s a very handy tool for doing remote technical support, or simply if you wish to access your home computer when you’re traveling.

But if your TeamViewer account isn’t properly secured, you potentially have a big problem.

So, has TeamViewer been hacked?

TeamViewer has issued a statement, denying it has been hacked and putting the blame for any account breaches on user carelessness:

“There is no evidence to suggest that TeamViewer has been hacked. Neither do we have any information that would suggest that there is a security hole in TeamViewer.”

(TeamViewer’s statement is dated 23 May 2016, though it refers to concerns that have bubbled up into the press this week.)

What kind of user carelessness does TeamViewer feel led to these account breaches?

In short, TeamViewer appears to be pointing the finger at people re-using passwords:

“Unfortunately, users are still using the same password across multiple user accounts with various suppliers. While many suppliers have proper security means in place, others are vulnerable. The latter ones tend to be targeted by professional data thieves. As TeamViewer is a widely spread software, many online criminals attempt to log in with the data gained from compromised accounts (obtained via the aforementioned vulnerable sources), in order to discover whether there is a corresponding TeamViewer account with the same credentials.”

That sounds sensible. Password reuse is a big problem.

Right. We’re all aware of data from mega-breaches at LinkedIn, Tumblr and MySpace being put up for sale on the dark web.

And normally TeamViewer’s explanation of what has happened would sound reasonable.

But a number of the people reporting that their computers have been hijacked are adamant they weren’t reusing passwords and that their credentials were rightly hard-to-crack as well as impossible to guess.


Furthermore, some of those who have had their TeamViewer accounts compromised say that they had even taken the step of enabling two-factor authentication, meaning that a hacker shouldn’t be able to break in with just a username and password alone.


So, if people hadn’t reused their passwords and had enabled 2FA on TeamViewer, how were their accounts hacked and their computers hijacked?

We don’t know.

Some think TeamViewer is suffering from a security flaw that has managed to go under the radar of its team. But at this time, all of that is speculation.

Frankly, not knowing what is really going on is leaving some deeply concerned. It’s always better to know what you’re up against.

Yuck! So what should I do if I’m a TeamViewer user?

If you’re using TeamViewer, then ensure that you have configured its settings to maximize security. That means ensuring you have enabled two-factor authentication and restricted who can remotely access your computer (by setting up an access control whitelist, and other options).

It should go without saying that it may make sense to review your password, ensuring that it is unique and strong, and that you keep your anti-virus defenses updated just in case spyware is stealing credentials as you type them into your computer.

But don’t stop there. If TeamViewer has been compromised in some fashion, then the attackers are using it as a springboard to attack your other online accounts. So ensure that you have properly hardened your bank accounts, PayPal, Amazon, eBay, and the like with strong, unique passwords along with their respective equivalents to two-factor authentication (sometimes delivered as two-step verification).

At the very simplest level, remember that a hacker can only use TeamViewer to remotely access your computer if you are running TeamViewer! It may make sense to quit the software when you don’t need it or when you’re not sat at your computer to see what’s going on.

More best practices for TeamViewer security are discussed in this Reddit thread.

 

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.

  • TV666

    Likely they accepted one of the requests being spammed recently: https://www.reddit.com/r/sysadmin/comments/49ufhy/teamviewer_contact_request/

  • Kent_Dorfman

    In order for you to gain access to their mouse and keyboard, the PC user has to give you permission; it is not automatic.

  • MasterCatz

    Yes, my OVH servers were hacked into via my TeamViewer a few months ago, however never had its 2FA enabled.

    On the bright side, ended up with a heap of new hacking tools ..

    • Assembly Language

      What hacking tools did you end up with?


  • |:}

    I have a better solution!… throw out your email App, and never use it again to send and receive messages! Then, end the practice of ever using a password to communicate with anyone ever again! Begin using a pseudonym to communicate with!… and “borrow” an email address to access a site’s features (e.g., a comment log window, like this one!… and preferably, a well known government email address!… or a respected advocacy!)! And!… if any site demands a password!… or desires to authenticate your email address, by emailing you back!… simply never do business with that site again! Oh!… and end your comments/ communications with, “Please!… no contact (or words to that effect!)!” And!… well!… they’re not going to be reaching you!… and you’re being kind to the party whose email address you’ve “borrowed”! And do your shopping/ business in person! And if you have time, communicate your concerns about a demand for a password, to a site’s Contact Us window! And thus… endeth the lesson!
    Please!… no contact!