back to article TeamViewer beefs up account security after rash of PC, Mac hijacks

TeamViewer is whacking anti-hacker protections into its remote-desktop tool – as its customers continue to report having their PCs and Macs remotely hijacked by criminals. Two new security checks in TeamViewer will warn users when a new device or location attempts to log into their TeamViewer account and remotely manage any …

  1. Justin Clift

    Automated "damage control" PR too

    They've also put an automated spam bot in place on Twitter responding to every new Tweet containing "@teamviewer":

    @yourname - Please see our statement on account security

    It's not helping.

    1. leexgx


      the easiest way to fix is Set A windows password and have it set to 5 minuets on your screen saver and if your remotely logging in tick the lock box when ending the session (it remembers it)

      i would recommend disabling file transfers as well and remote recording (not tested if they still work when at the windows lock screen (i would assume they don't but i set them to deny any way)

  2. Nifty Silver badge

    Help! My mouse just moved and upvoted Justin's post!

    1. Justin Clift

      Yep, that was me wot done it. ;)

      1. Anonymous Coward
        Paris Hilton

        How did you guess my password was "password1"? And that it was also my password to my bank?

        I added a number - it's so much more secure.

        1. Buzzword

          Pah, amateurs. Mine is "password2".

  3. Peter 26

    Will these extras have much effect?

    The criminals have gone to this much effort, I'm sure they can afford a VPN in the targets country so the locale matches. They would be doing that anyway to hide their IP, all it means is they have to pick the right VPN in their list...

    Secondly the notifications that someone has logged in from a new device. Well these attacks are happening at 5am in the morning when everyone has their phone on silent...

    1. Anonymous Coward
      Anonymous Coward

      Re: Will these extras have much effect?

      "Secondly the notifications that someone has logged in from a new device. Well these attacks are happening at 5am in the morning when everyone has their phone on silent..."

      Which means they won't get permission. It's more than notifications. Well, hopefully... Maybe whenever we get the big public 'mea culpa' they'll throw in a 'mea copro'

      1. Anonymous Coward

        Re: Will these extras have much effect?

        I'm pretty sure that "notification" means "notification".

        Like, "just wanted you to know that while you were sleeping, someone logged on from Guanzhou and emptied your last $5 from your bank account. Have a nice morning!"

    2. Goopy

      Re: Will these extras have much effect?

      Chatrooms watch for known VPN IP Addy's, no reason why TH can't keep tabs on those, ie, VPN use is always detectable.

  4. Anonymous Coward
    Anonymous Coward

    Isn't it rather late to be securing the stable doors? I thought you did that before the horses bolted.

    1. Roland6 Silver badge

      No you do it afterwards, just so that the chickens can't come home to roost...

    2. Jeffrey Nonken

      If not all the horses have left, it still makes sense to close the barn door. I'm afraid quoting that metaphor suggests that it's too late to fix the problem and TV shouldn't bother.

      I haven't been hacked yet and I'd just as soon not be. Please close the barn door before any other houses escape. Thank you.

      1. John Brown (no body) Silver badge

        It is odd that within just days of these hacks (or in TVs case, alleged hack) that all these companies seem to suddenly find the resources to improve security. Surely in light of the continuous headline data breaches all over the world these people should *already* be shoring up their defences.

        1. Anonymous Coward
          Anonymous Coward

          Steam already does what they promised to do, validating over email any logins from new devices and even web browsers. Since, I don't know, years ago? Kinda sad that this is only to buy video games while Teamviewer has the family jewels.

          Just to reiterate, I was never a fan. Back when it mattered, I used VNC and some kind of free dynamic DNS provider with some updater or other. Also TV is a bit too cloudy for my taste.

    3. Goopy
  5. Mark 85 Silver badge

    That's it?

    "We are appalled by the behaviour of cyber criminals, and are disgusted by their actions towards TeamViewer users,"

    And in another breath... 'it's your problem customers".

    In a nutshell.. there's what's wrong with the world. It's someone else's problem if your site/product is being used as an attack vector.

  6. IGnatius T Foobar

    Not TeamViewer's fault

    If someone uses the same password to unlock TeamViewer as they're using on public web sites like Reddit ... frankly, they deserve to have their computer broken into. This isn't TeamViewer's fault.

    1. Justin Clift

      Re: Not TeamViewer's fault

      There are many reports about it also affecting people using 2FA. Password re-use can't be the root cause of the entire problem.

      Additionally, someone on Reddit mentioned it looks like at least some versions of the TeamViewer protocol are very weak:

      The thing is, 2FA does not save you from connections from 3rd person who manages to find your server ID. They can brute force you all day long and just wait out the bruteforce protection of TV to fall off. Assuming that the default 4 digit passcode is enabled, all combinations can be tested inside 24 hours.

      Looks like this is going to suck for a large number of people.

      1. Phil Koenig

        Re: Not TeamViewer's fault

        I don't normally read Reddit. But the stuff I read yesterday on Reddit was like a bunch of petulant children that have already made their minds up that TeamViewer (you know, the company that's been giving away a fabulously useful, stable and reliable product to people for years now) is the Big Evil Satan.

        As for the snippet you quoted: TV's new permission notification thing should stop any bruteforcing dead in its tracks.

        Also do not forget that there was a trojan discovered last month that exploited the TeamViewer client by bundling it with the trojan and using it to create a proxy reflector. TV might want to look into how they can harden their client to make it more difficult for it to be exploited in that way.

      2. Goopy

        Re: Not TeamViewer's fault

        No, I do t bleive those reports, for one, you can't just Fin a TV server ID.

    2. streaky

      Re: Not TeamViewer's fault

      I don't think I'm a fan of this denial first attitude. It's the same attitude that caused the storm in the first place - it's entirely *possible* they could have had a breach and not know about it and instead of properly investigating they just flatly deny it when there's some good evidence suggesting there's an issue. Teamviewer is a legal back-door that breaks open most system (and firewall) security with credentials, if there's a wiff of a problem you revoke first and ask questions later - their attitude has been deny first and ask limited questions. They've obviously been attacked and they should be figuring out if that attack was cover for something more serious, and yes; giving people tools to secure their accounts.

      We've been here before and we'll be here again - if it's 2016 and you can't give people the tools to convince themselves their systems are safe you're (rightly) going to have a trust problem.

      1. I am not spartacus

        Re: Not TeamViewer's fault

        "Speaking directly to The Register and in announcements to customers, TeamViewer has denied that the crime spree is due to any compromise of its own servers. Rather, it claims, the victims of the attacks had reused their TeamViewer login passwords on other websites that have been breached, such as LinkedIn and Tumblr. Armed with copies of those leaked passwords and email addresses, TeamViewer claims, thieves then log into people's TeamViewer accounts and access connected PCs."

        Did they ever produce the slightest shred of evidence that their position on how this happened is correct? Did anyone ask them to (and it seems like an oversight if journalists were to interview them on this, and just take their assertions at face value)?

        (And the 'denying the compromise of its own servers' part: had anyone asserted this, or was this just TV's straw man?)

        Or is it ' this is a convenient thing for us to believe, so we are believing it...whatcha mean evidence? Of course we don't need evidence. We've got an explanation that suits us.'

      2. Goopy

        Re: Not TeamViewer's fault

        You missed the point. The point is they did not have a breach.

      3. Dominic Thomas

        Re: Not TeamViewer's fault

        Agreed! I was one of the first victims, my home network was broken into via TeamViewer in January, long before the current fuss. I reported it right away, and after the automated acknowledgement it took TWO WEEKS before TeamViewer contacted me to ask for logs - which I provided, and then never heard anything more. I was not impressed.

  7. Wade Burchette Silver badge

    Pretending this happens to you

    The easiest way to stop these miscreants is to turn off your computer. Hold the power button down until it goes off. You cannot control what is not turn on.

    1. Anonymous Coward

      Re: Pretending this happens to you

      " You cannot control what is not turn on."

      Apart from poor English composition...

      I wish this were true, maybe for TV it is, but Micro$hit will turn your PC back on, so it can install Win10.

      1. Anonymous Coward
        Anonymous Coward

        Re: Pretending this happens to you

        Not on today. Always on tomorrow.

  8. Anonymous Coward
    Anonymous Coward

    Teamviewer was ok before V11

    Now? Unless you pay lots of dosh it stops working after a short time.

    Nice one.

    Keeping on V10 until we can find and evaluate a replacement. For 1-2 sessions a month the money needed for V11 is enough to make the bean counters turn in their grave.

    1. Mark 85 Silver badge

      Re: Teamviewer was ok before V11

      For 1-2 sessions a month the money needed for V11 is enough to make the bean counters turn in their grave.

      That implies the beancounters are dead. They are more like undead.

      1. Anonymous Coward
        Anonymous Coward

        Re: Teamviewer was ok before V11

        staggering around, moaning "beeeeaaans..."

        1. DryBones

          Re: Teamviewer was ok before V11

          Coffee zombie! *blam*

          1. Anonymous Coward
            Anonymous Coward

            Re: Teamviewer was ok before V11

            They'd be the fast mover variety then?

            1. Anonymous Coward
              Anonymous Coward

              Re: Teamviewer was ok before V11

              That picture makes me wanna play DayZ again

  9. Anonymous Coward
    Anonymous Coward

    now that they have made it clear that everyone needs to reinstall TV

    how long until the same miscreants use the vulnerability to push out an 'update' addressing the breach which actually makes it worse?

    Seems like an SSL certificate has been compromised.


  10. Law

    Not good... TV may lose large clients for this

    I know of some companies that use it as their main remote session manager for entire labs... not small companies either, and their work is highly confidential.

    Guess this is why they're insisting it's not their fault.

  11. Neil Barnes Silver badge

    So for v10?

    Did some experimentation last night: me with a linux box and my father's machine on W7, with the 'use as required' executable. Neither of us have an account at TV.

    1/ until the remote end is executed, my end advises me that the remote is unavailable (I have the remote user number from previous sessions)

    2/ when the far end wakes up, I get the request for his passcode, delivered by phone

    3/ at this point, I can drive his machine

    4/ while connected, there are three TV services running in the windows running program list (I forget what it's called)

    5/ after disconnecting and closing the remote end, there is still one TV service running.

    6/ trying to kill that service appears to re-spawn it

    So what's going on here then? It looks as if there's something running (though my father may well be misreporting!) which isn't announcing availability but doesn't want to go away.

    On my linux box, once the program is stopped, there's nothing left showing in ps -ax

    1. Anonymous Coward
      Anonymous Coward

      Re: So for v10?

      If you want to stop a running service, the correct way to do that is to go into the services control panel (run->services.msc), select the service, and click stop (and change the startup type, if you so desire). Killing the process from task manager is not how it's done. If it still restarts, then you've probably got a teamviewer browser plugin or something like that running that requires it.

      1. Neil Barnes Silver badge

        Re: So for v10?

        Thanks - as you can tell I don't use Windows much.

        Now I need to work out how to talk the old man through it while I can't see his screen... Hmm.

        1. leexgx

          Re: So for v10?

          use teamviewer its already on the system so not that hard unticking one box in teamviewer so its not been running as a service

  12. Anonymous Coward


    Just removed LogMeIn, this looks like a systemic issue with remote access

    1. Anonymous Coward
      Anonymous Coward

      Re: Also...


      1. Kiwi

        Re: Also...

        People would randomly phone places claiming to be from Microsoft and other organisations, would claim they could tell a persons computer had a virus, and would claim to help them fix it. They would then talk the person through installing LogMeIn or other remote control software, which they would use later to raid bank accounts (they'd already have your credit card details from when you paid them for "helping" you).

        I don't recall TV ever being used in this manner at the time however, and from the articles and forums on this current issue it sounds like some other means has been used to get into the computers as many of those hit would not fall for such scams.

  13. Anonymous Coward
    Anonymous Coward

    Whats all the fuss about...

    In response to the reply to this post below. You cant spell 'team' without 'ME'.

    1. Anonymous Coward
      Anonymous Coward

      Re: Whats all the fuss about...

      Exclusive access to teamviewer should not be expected as there is no "I" in team.

  14. Anonymous Coward
    Anonymous Coward

    There is always a possibility of something like this happening when you leave remote control server directly accessible from the internet. If you need 24/7 remote control access you should run OpenVPN or similar VPN server and allow outside connections only through the VPN tunnel.

    Ironically, the very technique (hole punching to circumvent routers) that makes Teamviewer faster to set up the normal way makes it more involving to set it up a safer way that allows access only through VPN.

  15. Anonymous Coward
    Anonymous Coward

    Oh dear,

    I know of at least one UK fruit machine manu' that installs TV on machines running XP / W7, but rarely users it or updates it.


    Anon for obvious reasons/

  16. Chris Evans

    Build in better security

    One of the problems is the use by "We are phoning from Microsoft and we have noticed a problem with your computer scammers" This is not my field but surely there could make it more difficult for the scammers. e.g. have the IP address of any remote access to be logged by TeamViewer with a block on using anonymising etc. Also a simple warning "Warning if you are using this as result of an unsolicited call it probably is a scam" that users need to answer with at least three key presses YES to.... I'm sure better brains than mine could improve things a lot.

    Last time "Microsoft Support" got me to install TeamViewer I managed to keep them on the phone for over half an hour before they twigged I was on to their scam.

  17. Goopy

    I do not believe for one second anyone claiming using unique passwords have been breached I don't believe that at all.

  18. fidodogbreath Silver badge

    "We are appalled by the behaviour of cyber criminals, and are disgusted by their actions towards TeamViewer users"

    "My goodness gracious!!! We are shocked; shocked, I tell you. Honestly, we had no idea that criminals could use the internet! Why didn't someone tell us about this sooner?!? What is this world coming to?"

    1. Destroy All Monsters Silver badge
      Paris Hilton

      What is this world coming to?

      Unreasonable searches and seizures, no right to bear arms, secret evidence and no expectation of privacy in one's coming and goings?

  19. Tim Ryan

    Since when is user stupidity TeamViewer's Problem?

    Oh Please,

    I am astounded at the level of accusation leveled at TeamViewer. From where I sit, and I have corporately licensed this product since version 4 and will continue to do so going forward, the only error that TV GmbH has made was to provide free versions that allowed idiots with pathetic password security to commit gross stupidity. After having done so the same fools who used common creds everywhere including in their Browser cached creds to access PayPal and Amazon, used those same creds to access TV configured to start on boot with those creds for remote access.

    This is somehow TV's fault? Are you fucking NUTS.

    I have many hundreds of end users who have taken up TV's freebie offer and been stupid about how they did it. I don't like the freebie policy, but thats TV's business choice. You could maybe make a case of TV having a sloppy PR department, but putting this responsibility on them is close to accusing a rope manufacturer because some idiot hung himself!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021