TeamViewer beefs up account security after rash of PC, Mac hijacks

Help! My mouse just moved and upvoted Justin's post!

Will these extras have much effect?

The criminals have gone to this much effort, I'm sure they can afford a VPN in the targets country so the locale matches. They would be doing that anyway to hide their IP, all it means is they have to pick the right VPN in their list...

Secondly the notifications that someone has logged in from a new device. Well these attacks are happening at 5am in the morning when everyone has their phone on silent...

Isn't it rather late to be securing the stable doors? I thought you did that before the horses bolted.

That's it?

"We are appalled by the behaviour of cyber criminals, and are disgusted by their actions towards TeamViewer users,"

And in another breath... 'it's your problem customers".

In a nutshell.. there's what's wrong with the world. It's someone else's problem if your site/product is being used as an attack vector.

Pretending this happens to you

The easiest way to stop these miscreants is to turn off your computer. Hold the power button down until it goes off. You cannot control what is not turn on.

Teamviewer was ok before V11

Now? Unless you pay lots of dosh it stops working after a short time.

Nice one.

Keeping on V10 until we can find and evaluate a replacement. For 1-2 sessions a month the money needed for V11 is enough to make the bean counters turn in their grave.

now that they have made it clear that everyone needs to reinstall TV

how long until the same miscreants use the vulnerability to push out an 'update' addressing the breach which actually makes it worse?

Seems like an SSL certificate has been compromised.

Science!

Not good... TV may lose large clients for this

I know of some companies that use it as their main remote session manager for entire labs... not small companies either, and their work is highly confidential.

Guess this is why they're insisting it's not their fault.

So for v10?

Did some experimentation last night: me with a linux box and my father's machine on W7, with the 'use as required' executable. Neither of us have an account at TV.

1/ until the remote end is executed, my end advises me that the remote is unavailable (I have the remote user number from previous sessions)

2/ when the far end wakes up, I get the request for his passcode, delivered by phone

3/ at this point, I can drive his machine

4/ while connected, there are three TV services running in the windows running program list (I forget what it's called)

5/ after disconnecting and closing the remote end, there is still one TV service running.

6/ trying to kill that service appears to re-spawn it

So what's going on here then? It looks as if there's something running (though my father may well be misreporting!) which isn't announcing availability but doesn't want to go away.

On my linux box, once the program is stopped, there's nothing left showing in ps -ax

Whats all the fuss about...

In response to the reply to this post below. You cant spell 'team' without 'ME'.

There is always a possibility of something like this happening when you leave remote control server directly accessible from the internet. If you need 24/7 remote control access you should run OpenVPN or similar VPN server and allow outside connections only through the VPN tunnel.

Ironically, the very technique (hole punching to circumvent routers) that makes Teamviewer faster to set up the normal way makes it more involving to set it up a safer way that allows access only through VPN.

Oh dear,

I know of at least one UK fruit machine manu' that installs TV on machines running XP / W7, but rarely users it or updates it.

Mmmmmmmmmmm

Anon for obvious reasons/

Build in better security

One of the problems is the use by "We are phoning from Microsoft and we have noticed a problem with your computer scammers" This is not my field but surely there could make it more difficult for the scammers. e.g. have the IP address of any remote access to be logged by TeamViewer with a block on using anonymising etc. Also a simple warning "Warning if you are using this as result of an unsolicited call it probably is a scam" that users need to answer with at least three key presses YES to.... I'm sure better brains than mine could improve things a lot.

Last time "Microsoft Support" got me to install TeamViewer I managed to keep them on the phone for over half an hour before they twigged I was on to their scam.

I do not believe for one second anyone claiming using unique passwords have been breached I don't believe that at all.

"We are appalled by the behaviour of cyber criminals, and are disgusted by their actions towards TeamViewer users"

"My goodness gracious!!! We are shocked; shocked, I tell you. Honestly, we had no idea that criminals could use the internet! Why didn't someone tell us about this sooner?!? What is this world coming to?"

Since when is user stupidity TeamViewer's Problem?

Oh Please,

I am astounded at the level of accusation leveled at TeamViewer. From where I sit, and I have corporately licensed this product since version 4 and will continue to do so going forward, the only error that TV GmbH has made was to provide free versions that allowed idiots with pathetic password security to commit gross stupidity. After having done so the same fools who used common creds everywhere including in their Browser cached creds to access PayPal and Amazon, used those same creds to access TV configured to start on boot with those creds for remote access.

This is somehow TV's fault? Are you fucking NUTS.

I have many hundreds of end users who have taken up TV's freebie offer and been stupid about how they did it. I don't like the freebie policy, but thats TV's business choice. You could maybe make a case of TV having a sloppy PR department, but putting this responsibility on them is close to accusing a rope manufacturer because some idiot hung himself!