I pity you for your need to use TeamViewer. Or RealVNC. Or Remote Desktop (Terminal Services). Heck, even Remote Assistance (Windows Desktop Sharing). I get it, you must use it at work, and hopefully such remote access is performed from the local network or over a VPN. But if you’re using such a thing at home, on your personal computer… well, you deserve it. I’m a Luddite, I prefer to keep things as simple as possible–and my PC is my kingdom!–but you’re more networked than I am, right?

ElReg has it all: TeamViewer denies hack after PCs hijacked, PayPal accounts drained:

TeamViewer users say their computers were hijacked and bank accounts emptied all while the software company’s systems mysteriously fell offline. TeamViewer denies it has been hacked.

In the past 24 hours, we’ve seen a spike in complaints from people who say their PCs, Macs and servers were taken over via the widely used remote-control tool on their machines. Even users with strong passwords and two-factor authentication enabled on their TeamViewer accounts say they were hit.

It appears miscreants gained control of victims’ TeamViewer web accounts, and used those to connect into computers, where they seized web browsers to empty PayPal accounts, access webmail, and order stuff from Amazon and eBay.

A lot of heat on Reddit too, and ElReg shows a tiny sampler.

Of course, TeamViewer denies everything… even a week in the past, as one can see in their May 23 Statement on Potential TeamViewer Hackers. This is so full of bullshit. Note that the company has contacted several news outlets in an attempt to make them amend the articles, at the very least by downplaying the veracity of the reports, e.g. with statements like this one: “many customers have made unverified claims that their computers were maliciously accessed by hackers” (that’s in the Inquisitr).

Of course, when you’re hacked, it’s difficult to prove that in a court of law, but the very fact that this company is more concerned about censoring the reports and threatening a lawsuit instead of being more open about what could have happened is one of the reasons I tend to avoid German software. Most of it is just crappy*.

By the way, follow this advice: If you were hacked, look in the TeamViewer logs for “webbrowserpassview.exe” (very important).
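The log check above can be scripted. The following is an added example, not something from TeamViewer or from the reports quoted here: it searches every `.log` and `.txt` file under a directory you pass in for the tool's file name, case-insensitively, and copes with UTF-16 encoded logs. The function names, the file patterns and the sample log lines are assumptions made up for the illustration; point it at wherever your TeamViewer installation keeps its logs.

```python
import sys
from pathlib import Path

# Indicator named in the post; matched case-insensitively.
INDICATORS = ("webbrowserpassview.exe",)

def read_log(path):
    """Decode a log file, honouring a UTF-16 or UTF-8 byte-order mark."""
    raw = Path(path).read_bytes()
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("utf-8-sig", errors="replace")

def scan_text(text, indicators=INDICATORS):
    """Return (line_number, line) for every line that names an indicator."""
    needles = [i.lower() for i in indicators]
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        lowered = line.lower()
        if any(n in lowered for n in needles):
            hits.append((number, line.strip()))
    return hits

def scan_dir(log_dir, patterns=("*.log", "*.txt")):
    """Scan matching files under log_dir (assumed patterns); return {path: hits}."""
    results = {}
    for pattern in patterns:
        for path in sorted(Path(log_dir).rglob(pattern)):
            hits = scan_text(read_log(path))
            if hits:
                results[str(path)] = hits
    return results

# Constructed sample lines for the demo; this is NOT real TeamViewer log output.
SAMPLE = """\
2016/06/01 03:12:44 session started
2016/06/01 03:13:02 file transfer: C:\\Users\\demo\\Temp\\WebBrowserPassView.exe
2016/06/01 03:13:40 session ended
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        found = scan_dir(sys.argv[1])   # directory holding the logs
    else:
        found = {"<constructed sample>": scan_text(SAMPLE)}
    for name, hits in found.items():
        for number, line in hits:
            print(f"{name}:{number}: {line}")
```

A hit only tells you the file name shows up in a log line; read the surrounding lines and timestamps to see which session it belongs to.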

Even if nothing happened to you, go download WebBrowserPassView and give it a try. You’ll see this tiny piece of software showing all the passwords stored by your browsers! All of them, in plain text.

Then you’ll never want to install any VNC solution ever again, not just TeamViewer (here’s a similar German product, potentially another disaster waiting to happen, but what do I know: AnyDesk). And maybe you’ll understand why one of the first things I do after installing Windows is to disable Remote Assistance and Remote Desktop:


The times of MS-DOS, those were great times… but now I have to use Windows 10. Sigh.

EDIT: Ars Technica has a nice title for their report: TeamViewer users are being hacked in bulk, and we still don’t know how. Note that one of the victims is “a practice leader inside IBM’s Threat Research Group”—definitely not someone who can be easily dismissed. However, as described in his post Compromised Before My Very Eyes: How I Almost Got Hacked, the culprit is supposed to be the recent cluster of breaches that included the dump of LinkedIn passwords—this is the view shared by TeamViewer too! On the other hand, in another press release, TeamViewer Launches Trusted Devices and Data Integrity. Ars keeps being a bit skeptical:

TeamViewer’s claim that the surge in attacks is tied to the massive number of passwords that recently entered the public domain is plausible, but it’s likely not the only contributing factor. It wouldn’t be surprising if weaknesses in TeamViewer software are also involved. One possibility: a login mechanism that allows attackers to try large numbers of passwords without being locked out. Another: a flaw that allows attackers to circumvent two-factor protections. To date, TeamViewer’s public statements leave users with a sense the company isn’t providing a thorough accounting of what it knows, and that in turn gives way to mistrust and conspiracy theories.

I rest my case: no remote access software on my personal laptop. Never ever.
*unproven claim