Anyone using TeamViewer?

Discussion in 'malware problems & news' started by itman, Mar 24, 2016.

  1. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
  2. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    758
    thanks for the heads-up.
     
    Last edited: Mar 24, 2016
  3. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    1,765
    Location:
    Mexico
    Thanks.
    Already in its own dedicated sandbox (SBIE) and set as Vulnerable Process in NVT ERP.
     
  4. quietman

    quietman Registered Member

    Joined:
    Dec 27, 2014
    Posts:
    491
    Location:
    Earth .... occasionally
    From what I've seen , all of the infected TeamViewer users had one ( or more ) of these in common :-

    Downloading Teamviewer from untrustworthy sources ,
    Using weak passwords which were easy to crack with brute force / dictionary attacks
    Re-using these same passwords within Teamviewer ( ie same one for different connections )
    Re-using the same weak password on other sites , outside of Teamviewer

    I've not read anything to suggest that the problem lies with Teamviewer itself .

    More in this recent Wilders thread .
     
  5. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    1,765
    Location:
    Mexico
    A zero day bug on Teamviewer or scanning the Internet, by attackers, for accessible Teamviewer installations. Either way I already set Teamviewer service to disabled and as a Vulnerable Process in ERP.
    Besides Teamviewer.exe and its components forced to run sandboxed in a dedicated sandbox.
    Hope this will suffice.
     
  6. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
    IIRC Team Viewer (TV) offers a unique 4 digit PIN for each session. Is that different than the passwords you're referring to? Are these passwords associated with running TV at Start UP with auto-login?

    It seems like most if not all of the vulnerability could be eliminated by only running TV on demand. I find that my customers with limited skills can usually deal with that.
     
  7. quietman

    quietman Registered Member

    Joined:
    Dec 27, 2014
    Posts:
    491
    Location:
    Earth .... occasionally
    Yes to that Victek !

    That's kind of what I was getting at ( I didn't express myself very well ) .

    The root cause of the problems I've seen appears to be unsafe or ill-advised actions by users ( or just plain old-fashioned stupidity )
    The very same things that online banking sites tell them not to do !

    It bothers me that TeamViewer may be portrayed as insecure because of this , when it simply is not the case .
    I've used it for years , I value it and trust it and this recent issue will not change that .

    My two-cents ( etc , etc ) ...... :)
     
  8. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    758
    how about using portable version and then removing it from your pc when you're done with it? would that make a difference?
     
  9. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    5,240
    In addition to that you can set up Unattended Access where you choose a static password to access TeamViewer. This password remains the same between TeamViewer sessions. As well as that, you can create a TeamViewer account which will provide a list of all the computers you have access to in one place.

    It would seem that the hackers have gained emails and passwords to TeamViewer accounts, which is giving them access to computers.
     
  10. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
    Yes :thumb: I use a TeamViewer (TV) account so that I can create a list of people that I help, however I do not enable unattended access on their systems nor do I enable the "start with windows" option. I use TV "on demand" only, which I believe eliminates the possibility of someone hacking in.

    In my experience people find someone accessing their system remotely unnerving. I encourage them to only allow people they know and trust to do so, and even then only on a "per session" basis.
     
  11. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    1,765
    Location:
    Mexico
    How about TeamViewer Service which is running in the background (startup type set as Automatic) by default? Isn't that a vulnerable process already waiting to be exploited?
    All the other components, TeamViewer.exe, TeamViewer_Desktop.exe, tv_w32.exe and tv_w64.exe are off normally if you don't start a session, but the service.
     
  12. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
    Good point. I Googled and read a few threads, and it seems that the TV service can be changed from "automatic" to "manual" and the program will still work properly on demand. I haven't tested that though. As to whether or not the service can be exploited I don't know.
     
  13. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    1,765
    Location:
    Mexico
    I believe it can be (just speculating). That's why the day before yesterday I set it up to manual, and (here comes the interesting part), I put TeamViewer_Service.exe as a Vulnerable Process in Exe Radar Pro. I believe I'm quite well covered.
     
  14. quietman

    quietman Registered Member

    Joined:
    Dec 27, 2014
    Posts:
    491
    Location:
    Earth .... occasionally
    It certainly will , and that's exactly how I have it set up , along with a list of other very useful tools that try , and/or want to be "auto-start" services in Windows .
    I always change their start-up status to " manual " and they mostly work just fine when summoned .... occasionally I get a dialog saying that
    " such-and-such a service failed to start " ..... it's irritating , sure , but I like that scenario a whole lot more than the "start service by default " option .

    Call me old-fashioned if you will ....
     
  15. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
    I just stopped the service and then started Team Viewer. The UI came up as usual, however the service didn't start. I wonder if the service is only needed for the persistent "unattended access" feature?
     
  16. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    5,240
    @Victek It was the same for me. Perhaps the service only needs to be running on the computer you are connecting to.
     
  17. Anjoland

    Anjoland Registered Member

    Joined:
    Sep 21, 2015
    Posts:
    4
    What about the Whitelisting under security? I only log into my home PC from my cellphone, so couldn't I add the phone's TV ID into the whitelist and that would be the only device allowed to remote in, is that what that is for?
     
  18. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
    I believe so; see here:

    https://www.teamviewer.com/en/help/...ess-for-teamviewer-connections-to-my-computer

    http://blogs.dixcart.com/internal/s...adding-a-teamviewer-id-to-your-whitelist.html

    Note also that you can enable TeamViewer two factor authentication and use a number of smartphone authentication apps including Google Authenticator.

    https://www.teamviewer.com/en/help/398-what-is-two-factor-authentication-for-your-teamviewer-account
     
  19. quietman

    quietman Registered Member

    Joined:
    Dec 27, 2014
    Posts:
    491
    Location:
    Earth .... occasionally
    Good point !

    Has anyone tested this yet ?

    I'll try it with one of my other machines when I get some spare time .
     
  20. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    1,630
    Location:
    Toronto, Canada
    Guys/Gals, I've been following this conversation with great interest as well. I maintain approx. a dozen or so client machines through TeamViewer currently. Most of those machines are for elderly folks who are not the least bit tech savvy, naturally. The last thing that I would want to do is open up any kind of hole on their machines.

    On all of those client machines, I've installed TV for persistent unattended access. Myself, I use TV (PortableApps) since I personally would rather not have TV installed full-time on my systems. The thing is, these old folks are not savvy enough to download, for example, TV QuickSupport version, find it within their Downloads/Desktop and run the app. Also, the QS version would not allow me to perform multiple reboots and such.

    So what some of you have suggested with keeping TV installed, but disabling the TV service has me particularly interested as well. If this would indeed work for persistent access, all I would need is for these old folks to click on the TV shortcut on their desktop, which my hope is that it would fire up the TV program and service to allow me to access. Then, I would remote in and temporarily switch the service back to Automatic for the duration of the servicing, and once complete I would switch the service back to Manual as some have suggested. However, at this point I have not tested this yet. Have any of you tested this scenario yet with success? Thank you. :)

    If I get a chance to test this out later this afternoon on some of my own test machines, I will post back with any of my findings. Unfortunately my days and life have been in a whirlwind keeping me incredibly busy.
     
  21. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
    I haven't tested it yet and I would be interested to know your results because I also provide support for some elderly folks. I usually conduct sessions with them over the phone so they can give me the TV password and tell me what's going on with the system. Team Viewer offers the option to "wait" during a reboot of the client's system and then reconnects automatically. I don't know that the service is even needed in this scenario.
     
  22. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    1,630
    Location:
    Toronto, Canada
    @Victek I was able to do some preliminary testing with some of my test machines today and the results were good. Since for myself, and also you, we both do some work for older folks and so I was trying to simplify the process while still keeping things secure without any holes left open. I'll share my testing findings below.

    On client machines:
    • Install TeamViewer in Unattended mode (persistent access)
    • Add your typical login credentials, connection settings, etc.
    • Make remote connection to this client machine to ensure everything is good
    • Change TeamViewer service from Automatic to Manual on client (do not stop service yet or you lose connection)
    • Assuming that your work is done, no more reboots needed, shut down client machine
    • Client machine is left with TeamViewer shortcut on desktop, but no running TV service
    Client calls back in future for some service needs:
    • Ask client to simply start TeamViewer from desktop shortcut (or taskbar I suppose)
    • Log in remotely, first go to Services before starting your duties
    • Change TeamViewer service to Automatic (from manual) and Start service now
    • Follow your typical servicing routines, persist across reboots
    • When work is done, switch service back to Manual (again, do not Stop service or you lose connection)
    • Safely shut down remote client machine
    So this scenario suits my needs for assisting some of these old folks and also is nice since it does not leave any TV services or processes running when there are no servicing needs. The only thing is that we need to remember each service call to switch the service back to Automatic and Start the service to persist across reboots and to switch service back to Manual when complete.
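
    The Automatic/Manual switch from the post above, scripted for an elevated PowerShell prompt on the client machine. This is an added example, not part of the original post and not TeamViewer's own tooling; the function name Set-TvServiceMode and its Idle/Servicing modes are hypothetical, and it assumes the service can be found by the TeamViewer_Service.exe binary named earlier in the thread.

```powershell
# Added example. Assumption: the TeamViewer service is identified by its
# executable, TeamViewer_Service.exe, rather than by a fixed service name.
function Set-TvServiceMode {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [ValidateSet('Idle', 'Servicing')]
        [string]$Mode
    )

    # Locate the service by binary path so the lookup does not depend on
    # whatever service name the installed version registers.
    $services = Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.PathName -like '*TeamViewer_Service.exe*' }

    if (-not $services) {
        Write-Warning 'No service running TeamViewer_Service.exe was found.'
        return
    }

    foreach ($s in $services) {
        if ($Mode -eq 'Servicing') {
            # Start of a support call: persist across reboots.
            if ($PSCmdlet.ShouldProcess($s.Name, 'Set Automatic and start')) {
                Set-Service -Name $s.Name -StartupType Automatic
                Start-Service -Name $s.Name
            }
        }
        else {
            # End of a support call: change the start type only. The service
            # is deliberately NOT stopped, because stopping it drops the
            # remote session; it simply does not come back after shutdown.
            if ($PSCmdlet.ShouldProcess($s.Name, 'Set Manual')) {
                Set-Service -Name $s.Name -StartupType Manual
            }
        }

        # Report the resulting start type and state for verification.
        Get-CimInstance -ClassName Win32_Service -Filter "Name='$($s.Name)'" |
            Select-Object Name, StartMode, State
    }
}

# Usage:
#   Set-TvServiceMode -Mode Servicing   # before work that needs reboots
#   Set-TvServiceMode -Mode Idle        # when the work is done
```

    Running either mode with -WhatIf shows what would change without touching the service.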
     
  23. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
    Thanks for the detailed instructions. This is a good way to improve security without adding difficulty. :thumb:
     