TeamViewer Breach?

TeamViewer is a fairly popular application used to gain remote access to machines.

Many use it to help other users troubleshoot their computer issues.
I personally avoid these types of applications as there are added security risks and concerns.

TeamViewer went down about a month ago, which impacted every TeamViewer user on a global scale.
Many people at that time thought TeamViewer had been breached or hacked.

I was alerted about the issue through a friend the same day.
The Twitter feed for TeamViewer was hit hard by angry users. And as I started to notice right away, many businesses rely heavily on TeamViewer to run their day-to-day operations.



Some of the rumours were that the TeamViewer DNS records were hijacked, thus redirecting all traffic to a server in China.

This brings up a huge topic and issue related to DNS hijacking.
One mitigating control I always use is DNS service monitoring.
Anytime any of my DNS entries are ever modified in any way, I get multiple different types of alerts to notify me of the changes.
This has greatly paid off when someone has “accidentally” modified the DNS settings without approval.
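A small version of that kind of check, as an added example that is not from the original post: it compares the addresses a resolver returns against an approved baseline and emits one alert per changed name. The hostnames, IP addresses and function names are constructed for illustration, and it only looks at A/AAAA answers from a single resolver.

```python
import socket

# Constructed baseline of approved answers (documentation-range IPs, not real records).
BASELINE = {
    "www.example.com": {"192.0.2.10", "192.0.2.11"},
    "login.example.com": {"198.51.100.7"},
    "mail.example.com": {"203.0.113.25"},
}

def resolve_system(name):
    """Return the set of A/AAAA addresses the system resolver gives for name."""
    try:
        infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()  # NXDOMAIN or resolver failure: reported as "no_answer"
    return {info[4][0] for info in infos}

def check_drift(baseline, resolver=resolve_system):
    """Compare live answers with the baseline; return one alert per changed name."""
    alerts = []
    for name in sorted(baseline):
        approved = set(baseline[name])
        observed = set(resolver(name))
        added, missing = observed - approved, approved - observed
        if not observed:
            kind = "no_answer"            # record deleted or resolution failing
        elif added:
            kind = "unapproved_address"   # traffic may be going somewhere new
        elif missing:
            kind = "address_removed"      # subset of approved set; lower severity
        else:
            continue                      # matches baseline exactly
        alerts.append({"name": name, "kind": kind,
                       "added": sorted(added), "missing": sorted(missing)})
    return alerts

if __name__ == "__main__":
    # Constructed "live" answers so the demo runs offline; drop the resolver
    # argument to query the system resolver instead.
    live = {
        "www.example.com": {"192.0.2.10", "192.0.2.11"},
        "login.example.com": {"203.0.113.99"},   # changed without approval
        "mail.example.com": set(),               # record gone
    }
    for alert in check_drift(BASELINE, resolver=lambda n: live.get(n, set())):
        print("ALERT", alert)
```

Run on a schedule, the returned alert list is what would be handed to whatever notification channels are in use.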

The same day, many users also noticed unauthorized access to their machines which still had TeamViewer running.

Users claimed that their bank accounts were emptied.
One user had unfortunately saved his PayPal password in his browser’s list of “saved” passwords.

So the hacker was basically able to open the browser and autofill the email address and password.
They had easy and direct access to the PayPal account and transferred the money out to multiple accounts.

To increase security, always set your browser to NOT allow saved passwords.

Another user stated they noticed their mouse pointer was moving on its own.
And whoever was suddenly controlling his machine was trying to open different windows.

TeamViewer themselves have claimed that they were never, and have never been, breached.

In the end, as a user, installing any type of “remote” access tool poses some risks.
And unless you absolutely need a remote access tool, it’s best to avoid them.

If you must use TeamViewer, your best bet is to use the “portable” version, as it does not install the application on your machine.
It runs only when you actually launch it, and you can easily close the application. That way it is not constantly running on your machine.
