TeamViewer Users Get Hacked, Company Denies Responsibility
Added: Sunday, June 5th, 2016
TeamViewer was founded a decade ago to provide software that allows users to remotely control PC systems and conduct meetings. The service currently accounts for more than 200 million users worldwide, some of whom have already complained about alleged hacking via TeamViewer.
For more than a month, users of the remote login service TeamViewer have been reporting that their PCs were ransacked by hackers. In many cases, the intruders drained PayPal or bank accounts. So far, nobody outside of TeamViewer knows exactly how many accounts have been hacked, but it is obvious that a large number of users are affected. For example, many users on Reddit have complained about the alleged hack, saying that their accounts were compromised and attackers infiltrated their computers to steal financial data, access other accounts and make various purchases. All of them mention a file called "webbrowserpassview.exe," which scans systems to find stored passwords for use.
In response, TeamViewer has denied all responsibility for the recent incidents where PCs have been compromised. Instead, it has placed the blame on the "careless" use of credentials. The company did admit it was "experiencing issues in parts of its network," but managed to boot the majority of the platforms back to regular service. TeamViewer then issued a statement to explain that the outage was caused by a DoS attack aimed at TeamViewer’s infrastructure. However, there is no evidence that it was linked to any user account compromise.
As for the recent complaints, Germany-based TeamViewer attributed them to "careless use of account credentials", which are now being traded and released on online black markets. Given that many users use the same passwords across different services, a single leak can lead to the compromise of multiple accounts. TeamViewer said that users also might unintentionally download and install malware. Because of the software's features, once a system is infected, hackers can do virtually anything with that particular system: capture it entirely, seize or manipulate information, etc.
In a statement, TeamViewer alluded to the recent chain of "megabreaches" that have dumped over 642 million passwords into the public domain, saying that many credentials stolen in those external breaches have been used to access TeamViewer accounts, as the hackers have simply taken advantage of common use of the same account information across multiple services to cause damage.
The company statement also announced measures being introduced to tackle the large number of hijackings. The first measure is known as "Trusted Devices". It ensures that before a device is allowed to access a TeamViewer account for the first time, the account holder must approve such access. The measure is implemented via an in-app notification asking account holders to confirm the new device via e-mail.
The second measure is called "Data Integrity" and enables automated monitoring that detects whether an account has been hacked. The feature monitors for unusual behavior (for instance, access from a new location) that might suggest the account has been compromised. In this case, the TeamViewer account will be marked for an enforced password reset. These measures were initially planned for introduction later in 2016, but the growing number of complaints over TeamViewer account takeovers prompted the early rollout.
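The following sketch models the two measures as described above. It is an added illustration, not TeamViewer's implementation: the class, function and field names are hypothetical, "location" is assumed to be a country code, and every sample login is assumed to present the correct password, as it would when leaked credentials are reused.

```python
from dataclasses import dataclass, field

@dataclass
class Account:  # hypothetical per-account state, not TeamViewer's data model
    trusted_devices: set = field(default_factory=set)
    pending_devices: set = field(default_factory=set)
    known_countries: set = field(default_factory=set)
    reset_required: bool = False

def confirm_device(acct, device_id):
    """Owner confirmed the e-mailed approval; only pending devices qualify."""
    if device_id not in acct.pending_devices:
        return False
    acct.pending_devices.discard(device_id)
    acct.trusted_devices.add(device_id)
    return True

def evaluate_login(acct, device_id, country):
    """Decide one login that already presented the correct password."""
    if acct.reset_required:
        return "password_reset_required"
    if device_id not in acct.trusted_devices:
        # "Trusted Devices": hold a first-time device until the owner approves it
        acct.pending_devices.add(device_id)
        return "await_device_approval"
    if acct.known_countries and country not in acct.known_countries:
        # "Data Integrity": unusual location marks the account for a reset
        acct.reset_required = True
        return "password_reset_required"
    acct.known_countries.add(country)
    return "allow"

# Constructed sample events: ("login", device, country) or ("confirm", device)
SAMPLE = [
    ("login", "laptop-1", "DE"),
    ("confirm", "laptop-1"),
    ("login", "laptop-1", "DE"),
    ("login", "unknown-7", "DE"),   # reused password tried from a new device
    ("login", "laptop-1", "BR"),    # trusted device, unfamiliar location
    ("login", "laptop-1", "DE"),
]

def replay(events):
    acct, decisions = Account(), []
    for kind, device, *rest in events:
        if kind == "confirm":
            decisions.append("confirmed" if confirm_device(acct, device) else "ignored")
        else:
            decisions.append(evaluate_login(acct, device, *rest))
    return decisions
```

Calling `replay(SAMPLE)` returns one decision per event: the unapproved device never gets past the approval step despite the correct password, and the location anomaly keeps the account locked until the password is reset.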
In the meantime, although reports of infected PCs and drained accounts have reached a deafening crescendo over the past few days, such stories have actually been circulating for more than 6 months. Most of these complaints claim the takeovers are the result of a breach in TeamViewer's network. Indeed, a denial-of-service attack that disrupted the company’s domain name system infrastructure was taken as proof the domain had been commandeered through DNS hijacking. Despite the absence of any evidence of TeamViewer's name servers using any unauthorized IP addresses, such claims haven't stopped circulating. There is no factual basis for any DNS spoofing either, so the hijacking could actually have taken place months after the account takeovers started.
On the other hand, TeamViewer's public response wasn’t very good either. It often takes the company days or weeks to issue any sort of statement at all, despite a significant number of users being hit by attacks exposing their financial data. Even if TeamViewer officials respond, they issue terse press releases missing important details: for example, the company has yet to explain how some of the recent attacks have successfully bypassed its two-factor authentication protection, or how the accounts protected with strong passwords were hacked.
Industry experts tend to doubt that the timing of the account compromises and DoS attack was coincidental, but it is still possible that the affected users may have had their credentials stolen and used through other means. Perhaps the recent MySpace and LinkedIn data dumps may be the source of credentials, but some TeamViewer users insist that their credentials were strong and used nowhere else. Industry watchers admit that TeamViewer's claim that the hacks are tied to the massive number of passwords that recently leaked online is plausible, but it is clearly not the only contributing factor. Security experts believe that weaknesses in TeamViewer software may also be involved. The first reason is that TeamViewer's login mechanism allows attackers to try large numbers of passwords without being locked out. Another reason is the existence of a flaw that allows intruders to circumvent two-factor protections. In other words, the current public statements made by the company leave users with a sense that TeamViewer isn't providing a thorough accounting of what it knows. Unsurprisingly, this in turn leads to the emergence of mistrust and conspiracy theories.
Worried about the news and looking for a way to protect yourself? You should always remember that using the same credentials across multiple online services is risky. Of course, it is difficult to remember different passwords, but using them effectively prevents attackers from accessing your complete digital profile in case one set gets compromised.
Another thing to remember is that you must ensure all your online accounts are protected with randomly generated passwords at least 10 characters long, which contain numbers, symbols, and upper- and lower-case letters. As for TeamViewer, it's a good idea to run it only when you need it, rather than allowing it to autostart each time a computer is turned on or leaving it running overnight.
TeamViewer also strongly recommends using unique and secure passwords that are frequently changed, having reliable anti-malware and security solutions in place at all times, and enabling two-factor authentication whenever possible. Media reports admit that TeamViewer engineers can perform log analyses at a much more granular level than any outsiders can, but there's more to these breaches than what the company has said to date.
The same team viewer program that has been on dozens and dozens of Microsoft Tech Support scams. We vill help you to remove the wiruses from vindows. That team viewer? Hacked you say?!?! I must go change my digital bloomers.... RME
Anyone that's stupid enough and gives a remote user rights deserves to get ripped off. hahhahahahha
It's a very useful program, I hope they get it worked out.
ToeringsNthongz, honestly I can solve 10 people's problems in the time it takes me to walk someone through something. For my own protection I tell them to make sure it's set to attended access so they have to allow me in. The ability to remote control from my PC or phone saves everyone a lot of time.
Someone needs to get a secure identity type system out that is accessible to the masses. This whole concept of all these unique passwords is problematic. I have so many now there is no way to commit all of them to memory, which means they are far less secure in some file. Not to mention that many of them have required so much personal info on me that if they got breached anyone could assume my identity.
2FA would've prevented that, it's available for TV so use it
Makes me sick thinking that a neighbor has had two monitors, one watching and accessing our family's computers and the other watching us in and around our home with hidden cameras. They watch you hide items of value in the home and sneak in unforced and never know it's gone till a month later or more. They also try to get you on your built in cams... What a mess....
The only surprise was that it took so long. I remember when I first encountered it, I wanted nothing to do with it. Amazing it did not get out of hand sooner.