The TeamViewer community on Reddit has brought to light claims that while using TeamViewer, their computers were hacked, PayPal and other banking accounts completely drained and malicious software installed.
Users took to the Reddit community to alert others that while looking through their log files of connections to the computer, they had found unknown computer logins from unknown locations.
TeamViewer is a popular remote desktop access client, which is often used by IT department for example to service a client's PC from anywhere in the world. This means they can use your computer normally, without having to actually be in the room.
Currently TeamViewer has clients for both personal computers and mobile devices making it an incredibly lucrative target for those with malicious intent.
Interestingly, TeamViewer has issued a statement saying that, ““There is no evidence to suggest that TeamViewer has been hacked. Neither do we have any information that would suggest that there is a security hole in TeamViewer.”
TeamViewer believes that users re-using passwords is what led to this problem, saying that “Unfortunately, users are still using the same password across multiple user accounts with various suppliers. While many suppliers have proper security means in place, others are vulnerable. The latter ones tend to be targeted by professional data thieves. As TeamViewer is a widely spread software, many online criminals attempt to log in with the data gained from compromised accounts (obtained via the aforementioned vulnerable sources), in order to discover whether there is a corresponding TeamViewer account with the same credentials.”
John Christly, CISO of Netsurion commented to SCMagazineUK.com by email that, “One of the main issues with any product like [TeamViewer] is that many use a password to protect the remote capabilities, and some users choose to re-use passwords that they use for other systems including bank accounts, social media accounts, etc.”
And given the recent spate of high-profile data breaches affecting MySpace, Tumblr and LinkedIn, making sure passwords are changed often and to something less crackable sounds rather sensiblible.
Despite this however, as one Reddit member asked, “How the hell are people with two factor authentication being hacked?” Even users who do have two-factor authentication enabled, were compromised by hackers.
There currently seems to be no answers to how this could have happened. If these reports from the Reddit community are true, it would be seem that TeamViewer currently has a security hole which went unnoticed by it's developers.
In an attempt to offer some advice on what to do to protect yourself from this, Christly went on to comment that, “If you use any remote access software on your computer, you should immediately check the security of how it is setup. First and foremost, if you no longer need to use the remote access software, then remove it. If you are unsure if it has been setup securely or not – then remove it; you can consult with someone that can help you get it setup securely. If you have to continue to use the remote access features, then you should be sure that any passwords you may be using are unique and very strong and that you are not using the same password for any other systems or accounts.”
And if TeamViewer is installed on a company computer, Christly warned that, “If your company uses remote access software for vendors or employees, it should be secured and very restricted to only those users that absolutely need to use this method of connection. Remote capabilities should be reviewed at least annually to ensure that orphaned accounts do not remain.”