AnyDesk revokes signing certs, portal passwords after crooks sneak into systems

AnyDesk has copped to an IT security "incident" in which criminals broke into the remote-desktop software maker's production systems. The biz has told customers to expect disruption as it attempts to lock down its infrastructure. The application developer, which is said to have more than 170,000 customers worldwide, disclosed …

  1. elDog

    Isn't AnyDesk a remote desktop substitute? Almost a keylogger...

    Wouldn't crims be able to see a lot of client interactions?

    This seems like one of the "weakest links in the chain" attacks. When a crim could install malware on the remote desktop then they essentially have access to all of the customer's information.

    I imagine there are a lot more of these types of in-the-middle applications that have too much access to too many credentials. When I've looked at integrating various cloud-based applications I'm encouraged to use things like zapier - but I need to give my credentials on both ends to that software for it to function.

  2. train_wreck

    Literally the only time I've ever seen AnyDesk in use is during tech support scams.

    1. cyberdemon Silver badge

      So much so that it is featured on the BBC's 'Scam Interceptors'. They say they have an 'ethical hacker' in the scammers' systems, but they also work directly with AnyDesk, who I suspect has given their so-called hacker access to suspected scammers' screens.

      Now perhaps the scam gangs are having their revenge

    2. TimMaher Silver badge

      Re:- “tech support scams”

      Tried it on me a few weeks ago.

      I commented on it then in some El Reg conversation.

      They were pretending to be Virgin Media and were going to resolve my slow router problem.

  3. Piro

    Good old worst practice

    They literally have plain text passwords for customers' portal logins.

    How is that even possible?

    https://www.resecurity.com/blog/article/following-the-anydesk-incident-customer-credentials-leaked-and-published-for-sale-on-the-dark-web

  4. Anonymous Coward

    What we don't know

    We don't know SINCE WHEN AnyDesk was compromised. We don't know if the criminals have been able to set up a MITM attack to slurp data that has been transmitted during AnyDesk remote sessions, but as stated in an email that I have received from AnyDesk, they say that "yes, MITM has been attempted. [...] While attacks like this have been attempted before, this was the first time that an attacker was partially successful."

    So, we basically don't know since when (days, months?) our AnyDesk sessions could have been sniffed and sensitive data gathered from them.

    This is very, very bad, and I suggest that you revoke credentials that may have been exposed through AnyDesk remote sessions. Also, of course, stop using AnyDesk until it is made clear what happened.

    AnyDesk is currently being very silent, too silent, about what happened and WHEN. I really hope, as a paying customer, that they will provide more information and not more smoke and lies.

    Meanwhile I have installed a personal copy of RustDesk (open source, not the closed one) on my own server. But I'm not so confident in them, either. It seems their attitude about security is sloppy.

    The stolen code signing key from Philandro software GMBH (the "old" AnyDesk key) has been used to sign malware already, and the sign date seems to be November 9, 2023. So not exactly yesterday. So, since when was AnyDesk breached?

    PS: the public statement has been updated: https://anydesk.com/en/public-statement and there is also a FAQ now: https://anydesk.com/en/faq-incident

    PPS: looking at their compliance and security page, I believe that something did not work as expected: https://anydesk.com/en/compliance
