TeamViewer denies hacking and introduces new security measures.

About a month ago, TeamViewer users started complaining on the forums, Twitter and social networks about hacking their accounts. Last week, messages even appeared on Habré . At first it seemed that there was nothing serious about it. There were isolated cases. But the flow of complaints was growing. In the relevant sections of Reddit and on the hashtag on Twitter, there are now hundreds of victims. Over time, it became clear that this is not a coincidence, here is something more serious. Probably, there was a massive leak of passwords for users who use the same passwords on different services.

Among the victims were not only ordinary people, but also security specialists. One of them was Nick Bradley, one of the leading employees of the Information Security Department of the Threat Research Group of IBM. He reported about hacking his account on Friday, June 3. And Nick directly watched as the computer was captured right in front of him.

“At about 6:30 pm I was in the middle of the game,” says Nick. - Suddenly, I lost control of the mouse and a TeamViewer message appeared in the lower right corner of the screen. As soon as I understood what was happening, I immediately killed the application. Then it dawned on me: I have other machines with TeamViewer installed! ”
')
“I ran down the stairs, where another computer was turned on and worked. From a distance, I saw that the TeamViewer window had already appeared. Before I managed to remove it, the attacker launched a browser and opened a new web page. As soon as I got to the keyboard, I immediately canceled the remote control, immediately went to the TeamViewer site, changed the password and activated two-factor authentication. ”


^{Screenshot of the page that opened the attacker}

“Fortunately, I was next to the computer when the attack occurred. Otherwise, its consequences are difficult to imagine, ”writes a security specialist. He began to investigate how this could happen. He didn’t use TeamViewer for a long time and almost forgot that it was installed in the system, so it’s logical to assume that a password was leaked from some other hacked service, for example, LinkedIn.

However, Nick continued to investigate and found hundreds of posts on the TeamViewer hacking forums.



According to him, the actions of the attacker are similar to the fact that he quickly studied what computers were at his disposal. He opened the page to view the victim's IP address and determine the time zone, probably with a plan to return later at a more appropriate time.

TeamViewer program is designed for remote control of your PC. Taking possession of someone else's account, you actually get a ready rootkit installed on the victim’s computer. Many victims complain that they have lost money from their bank accounts and Paypal accounts.

Representatives of TeamViewer believe that the password leak is associated with a number of "megavzlomov" large social networks. A month ago, about 642 million passwords for Myspace, LinkedIn, and other sites were made publicly available. Probably, the attackers are using this information to create separate target databases with the passwords of Mail.ru , Yandex users , now here’s TeamViewer.

TeamViewer denies hacking the corporate infrastructure, and explains the inaccessibility of servers on the night of June 1 to 2 by problems with DNS and a possible DDoS attack. The company recommends that victims do not use the same passwords on different sites and applications, and also enable two-factor authentication. To this we can add that you should update the program to the latest version and periodically change passwords. It is desirable to generate unique passwords, for example, using a password manager.

In addition, as a response to the massive hacking of accounts, TeamViewer introduced two new security features . The first one is “Trusted Devices”, which introduces an additional procedure for permission to manage an account from a new device (to confirm, you need to follow the link that is sent by email). The second is Data Integrity, automatic monitoring of unauthorized access to the account, including taking into account the IP addresses from which the connection is made. If signs of hacking are detected, the account is subject to a forced change of password.

The TeamViewer response seems to be a logical and adequate effect on the massive leakage of user passwords (partly due to the users themselves). Nevertheless, there are still suspicions that the attackers found a vulnerability in the TeamViewer software itself, which makes it possible to carry out brute-force passwords and even bypass two-factor authentication. At least in the forums there are messages from the victims, who claim that they used two-factor authentication.