Potential Teamviewer pwnage?

cyberguyprcyberguypr Mod Posts: 6,928 Mod
It seems like the thread from the other day disappeared. I am seeing this blow up on Twitter and Reddit with multiple reports of compromise. Add to the fire the fact that Teamviewer's site is currently down and it's looking really bad by the minute. Has anyone else seen weird activity and can confirm?

Comments

  • gespensterngespenstern Member Posts: 1,243 ■■■■■■■■□□
    Yeah, my buddies say it doesn't work for them. I personally never relied on it (using their proxy that I can't control always seemed to be too much of a trust), sometimes I use teamviewer QS portable (or AAMMYY admin which works similarly to TeamViewer, etc.) when everything else fails just to set up an OpenVPN always-on with machine cert authentication to my own server and then use other remote administration tools over this connection.
  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    Definitely sounds like they have been breached... We'll see though. Interesting to see how this plays out
  • joelsfoodjoelsfood Member Posts: 1,027 ■■■■■■□□□□
    Their site appears up from here.

    To be fair, OP on other thread had teamviewer running without a password. Security through obscurity is never a safe path in life
  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    Don't worry got a new avatar for him

  • doctorlexusdoctorlexus Member Posts: 217
    joelsfood wrote: »
    Their site appears up from here.

    To be fair, OP on other thread had teamviewer running without a password. Security through obscurity is never a safe path in life

    That's weird. I responded to that thread, and now it's gone. Didn't know one could delete their threads on here, and can't see any reason for an admin to delete it.

    In any case, I was using Teamviewer earlier today without any issues. If there was an outage, I must have missed it. My best guess on the hack is there are just a lot of people with poor security settings.
  • cyberguyprcyberguypr Mod Posts: 6,928 Mod
    I don't know. There have been multiple reports of people who even had 2 factor enabled being compromised. There's an article out there about some malware leveraging the teamviewer binaries. I'm torn between teamviewer being compromised or a very strategic watering hole attack.
  • TheFORCETheFORCE Member Posts: 2,297 ■■■■■■■■□□
    The other thread was probably deleted because it had an active url that was pointing who knows where. Admin that deleted it probably knows more. I was tempted to click on it but did not have my VM running so I stayed away from it, better safe I guess. Those tiny urls are dangerous.
  • doctorlexusdoctorlexus Member Posts: 217
    I haven't been able to find any good security write-ups on teamviewer as of recent. Lots of user claims on reddit, but you never know if people are really being completely forthcoming about their personal security practices.

    I'm leaving it installed on my machines for now. Malwarebytes and MSE show clean scans.
  • doctorlexusdoctorlexus Member Posts: 217
    TheFORCE wrote: »
    The other thread was probably deleted because it had an active url that was pointing who knows where. Admin that deleted it probably knows more. I was tempted to click on it but did not have my VM running so I stayed away from it, better safe I guess. Those tiny urls are dangerous.

    Ah, yes, you're right. The OP of that thread did post a strange URL. I never clicked it, though. I don't trust strange URLs either.
  • ChinookChinook Member Posts: 206
    The corp claims nothing happened. IMO, I'd take that with a grain of salt. Companies are reticent to go public with hacks because it's bad for business. I work in the industry and I can tell you that I've personally approached organizations I've found major vulnerabilities in and almost 100% of the time they don't even reply and very often don't fix the problem. I've often considered releasing the information but I fear I'd go for a ride in a police truck.

    The only way companies will change is when people can sue them for material loss of personal information.
  • doctorlexusdoctorlexus Member Posts: 217
    Yeah, I agree. Can't trust the company's claim, but also can't trust user claims so much either--unless I see a very skilled user make a detailed write-up about a security exploit. But I couldn't find anything substantiated in all of the reddit posts I looked at.

    At this point, I'm just watching carefully for posts on future incidents and taking reasonable precautions.
  • tpatt100tpatt100 Member Posts: 2,991 ■■■■■■■■■□
    Curious how they are accessing bank accounts? I wonder if they have "save password" enabled on some sites or keyloggers probably
  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    tpatt100 wrote: »
    Curious how they are accessing bank accounts? I wonder if they have "save password" enabled on some sites or keyloggers probably

    Right, before I was guessing that Teamviewer got breached and the users that got their bank account emptied were using the same logon credentials for their banks as Teamviewer... But can't say that quite yet because they didn't get breached (according to them)
  • tpatt100tpatt100 Member Posts: 2,991 ■■■■■■■■■□
  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    wow that is definitely interesting!
  • tpatt100tpatt100 Member Posts: 2,991 ■■■■■■■■■□
    Logged into Teamviewer web portal and just got a contact request, with a user name like this it can't be legit lol

    Capture_zpsetue2j4d.jpg
  • tpatt100tpatt100 Member Posts: 2,991 ■■■■■■■■■□
    Guy on Reddit...

    bV9GObA.jpg
  • doctorlexusdoctorlexus Member Posts: 217
    This all from a web account? I wonder if having a web account is a necessary condition to being compromised. I never signed up for one myself.
  • cyberguyprcyberguypr Mod Posts: 6,928 Mod
    I don't use this service but I've been following the reports and I just can't get aboard with the "people are reusing passwords" and "people are getting malware and that has nothing to do with us" story fed by Teamviewer. I know people are stupid, but this many all of a sudden, I just don't know. In the Reddit thread some compromised people admit to reusing passwords, yet others attested to no pwd reuse and some even had 2FA enabled. It's theoretically probable that every single user got something malicious dropped on their machine that exploited TV but again, seems unlikely. We need some of these users to volunteer a forensic image ASAP.

    Teamviewer offices right now.
  • doctorlexusdoctorlexus Member Posts: 217
    cyberguypr wrote: »
    Teamviewer offices right now.

    Heh. Good one.
  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    cyberguypr wrote: »
    Teamviewer offices right now.

    LOL nice


    (think I accidentally gave a minus rep instead of a plus rep...can an admin fix that one?)
  • Benj94Benj94 Member Posts: 67 ■■■□□□□□□□
    TheFORCE wrote: »
    The other thread was probably deleted because it had an active url that was pointing who knows where. Admin that deleted it probably knows more. I was tempted to click on it but did not have my VM running so I stayed away from it, better safe I guess. Those tiny urls are dangerous.

    It was my thread and I wondered why it was deleted. I completely forgot about the URL. The URL took you to the website the hacker tried to take me to. I believe he was trying to find my IP.

    Would have been nice if the admin had just taken the link out rather than deleting the thread.

    Strange goings on with Team Viewer at the moment. I'd definitely recommend closing it when you don't need it. If I wasn't at my computer when I was hacked, I could have been royally screwed.

    Server and Storage Analyst
    CompTIA A+
    MSCA: Server 2016 - 70-710 70-711 70-712
  • Benj94Benj94 Member Posts: 67 ■■■□□□□□□□
    Don't worry got a new avatar for him

    Thanks dude. We live and learn.

    Server and Storage Analyst
    CompTIA A+
    MSCA: Server 2016 - 70-710 70-711 70-712
  • Matt2Matt2 Member Posts: 97 ■■□□□□□□□□
    Yeah, based on what I've been seeing I'll be surprised if they don't EVENTUALLY admit, errr determine, they were compromised.
  • beadsbeads Member Posts: 1,531 ■■■■■■■■■□
    I can't find anything legit but this link is from TeamViewer: TeamViewer denies hack as users claim computers remotely hijacked

    Watch out for attribution gone wild. In this case it could be a malicious link sourcing LastPass for all we know. Find evidence, follow it to its logical, not hysterical, conclusion and you will discover the truth.

    For now... the whole thing sounds hokey.

    - b/eads