Slashdot Mirror
TeamViewer Servers Go Down, Users Believe They Are Hacked (softpedia.com)
An anonymous reader quotes a report from Softpedia: Something is happening with TeamViewers servers at the moment, and all clues point to a massive breach that has led to many users going on Reddit and complaining about having their computers hacked. Some users have reported finding new transactions in their PayPal and bank accounts, while others discovered someone had been poking around their email account. Other lucky users said they barely avoided getting hacked at the last minute, noticing their mouse starting to move across the screen, and hurrying to disconnect their Internet connection. On Twitter, the TeamViewer team wrote that they're only experiencing issues in some parts of their network, but they denied any security breach, at least on their side. In the past months, we've seen malware use TeamViewer many times to infect computers, but most of those cases were because of users who used weak passwords, which is certainly not TeamViewer's fault. It is strange that this time around, just when TeamViewer servers go down, multiple users also flock to social media to complain about getting hacked. This is either one huge strange cosmic coincidence or TeamViewer is really at fault and won't be able to pin the blame on its users. On a semi-related note, PayPal will be suspending their business operations in Turkey after failing to obtain a new license for its service in the country.
No, it's just softpedia being useless. As usual, deja-vu all over again.
A totally different story!
Some people die at 25 and aren't buried until 75. -Benjamin Franklin
Other lucky users said they barely avoided getting hacked at the last minute, noticing their mouse starting to move across the screen, and hurrying to disconnect their Internet connection.
Literally laughing out loud reading this.
Most likely TV has been compromised.
Much less likely, a widespread MitM.
Anyone have wireshark dumps?
Teamviewer!=Facebook
Well, I use it for both the simplicity and capability to access my computer from both my android phone and the computer at work (browser, since i'm not allowed to install anything w/o IT permission).
When you factor in the fact that it has TFA, it's a pretty solid program that works well with multiple monitors. Why do you think scammers use it as well? It's a damn good program, free, and easy to use. Perfect to walk through an average user to install.
Of what Web 2.0 bullshit TeamViewer is?
back in the day I had an open VNC server running on my PC. One day our company hired some consultants to help secure our network. I was working along and I saw my mouse move in a way I didn't move it and I immediately pulled the network cable and traced the IP and made some calles...
Easier than getting them to join a GoToMeeting, making them a presenter, then having them display their screen? Because my average user is completely flabbergasted that they have to push "Run" after clicking the gotomeeting link. Of the ones that make it through the first hurdle, about 25% get stymied by "uhhhhh it's asking me for a name, what do i type?" followed by another 25% that manage to push "OK" on "Give Keyboard and Mouse" but fail to push the "Show My Screen" button on the "You are the presenter! Hide private windows and click Show My Screen" popup that was right after the first popup.
(Boss shelled out for the gotomeeting accounts since sales can use it for webinars/demos, but won't shell out for a gotoassist account or teamviewer or whatever for me to use to help the customers after they've bought in. No way am I going to be able to walk an average customer through Windows's remote support request process)
Same here! when accessing your computer remotely this is by far the most simplistic method.
Because the only time I hear about it is when people get sketchy calls, and are told there computer might have a virus. But don't worry, "microsoft" will help them after they install Teamviewer. Every company around here uses the built-in services. No need to install extra attack vectors. There are plenty of client software, and even phone apps/browser plugins that will connect with the software provided with Windows, Linux, and OS X.... So the question is, why would you want to install software that has the potential to make your system even more insecure? And apparently the login credentials are stored on their hardware, probably "in the cloud" too.? yeah, feeling about a zero chance I'll try their "services"
uhm, if they are on windows they can just use Skype to share their screen....
Why not use a source that isn't Nth-hand and deliberately breathless and content-free?
Stuff it with the softpedia-repeating. Use a real news source. Seriously.
Well, last time I tired using RDP for windows, it was annoying. You had to ensure that specific ports are open and firewalls allow it and so on. I am sure it's a lot better now, but it left a bad taste in my mouth to give it a try again when I can use a piece of software from a reputable company that makes my life much better.
You ask why install software that has a potential to make your system more insecure? That goes with ALL software, including all the recent reports from antivirus, OEM upgrading software, browsers such as firefox and chrome. Why else would people install software if it adds another hole? because they see the gains outweigh the risk. Like anything you have to determine if the risk outweighs the benefit or not. It might not work for you, but works just fine for me, everyone is different.
Actually, a lot of corporations migrated over to TeamViewer after a fiasco with LogMeIn eliminating their free version of their software.
http://lifehacker.com/remote-d...
Corporate I.T. likes these types of remote assistance packages, primarily because they let you set up a whole list of computers to click to connect with, under a single "master" account. It's really convenient to have all of your company's workstations organized by department or group and easily visible as to which are online and which are offline.
We used LogMeIn for this until they started talking about charging us thousands for what used to be free. That's when TeamViewer kind of popped up out of nowhere, promising equivalent functionality at no cost and a great migration path off of LogMeIn.
TeamViewer gives a unified interface for remote controlling everything set up with it, no matter what platform (Linux, Mac or Windows) and gives the ability to reboot a Windows PC in "safe mode" and still connect back up to it (great for malware removal purposes, etc.).
I've always thought Microsoft's remote desktop client needs a LOT of improvement, so these 3rd. party solutions aren't so necessary.
X does 3 more things than Y and leads to an increase in A, B and C.
On a semi-related note, Space-x lands a reusable rocket.
It seems like 1 articles sensationalist claims are targeting 2 birds. /.'s stories have become a joke - sigh
Comment removed based on user account deletion
Easier than getting them to join a GoToMeeting, making them a presenter, then having them display their screen?
Having used both, Teamviwer works better IMO.
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
uhm, if they are on windows they can just use Skype to share their screen....
But as a person who gives a lot of support to windows users, I don't use Windows - goint to front me a free one?
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
Well, did you copy that from a script or something? Sounds like a Dr Oz show. Secure software always leaves a bad taste in your mouth. It uses specific ports so you can easily block it, or change it to the ports you desire for more control. If your remote viewer/support software is purposely trying to punch holes through a firewall then it's definitely NOT something you want to use.
We have an RDP server, and other than some pain with the licensing server getting our RDP CALs installed correctly, the sole operation on our gateway router was opening up port 3389. But if you're ultra-paranoid, just use PuTTY to set up an SSH tunnel. That's what I have on my laptop so I can administer the internal Windows servers.
The world's burning. Moped Jesus spotted on I50. Details at 11.
It's determining your trade-factor between simplicity and security Some people just want their software to work quickly and out of the box, others are willing to spend hours to properly learn and set up the software. Anyway, when you sign onto your computer with teamviewer you still have to log in to the desktop. At least that's how it's setup on mine. These people probably used the same passwords with no TFA. As for your Dr Oz reference... I guess? I never seen the show.
Teamviewer says that there is no breach. That users that were compromised had not secured their remote systems with a password. I'm a teamviewer user, and have not had any of my systems compromised. It also seems apparent from the Reddit threads, that most of those people just left connections constantly open without even locking the remote system screen.
I have nothing clever to put here...
> Windows's remote support
For Windows, here are a few options to take over their system which don't require the user to click anything:
https://web.nvd.nist.gov/view/...
I don't think there is an OS today that doesn't have built-in remote support... why would you ever install some shady 3rd party program?
What is the builtin remote support for windows that is actually worth a damn? What about OSX?
Teamviewer is crossplatform (mac, PC, and Linux, ios, and android...); and quite frankly it's, very, very good. It works behind firewalls. It plays well with UAC.
It's pretty inexpensive even for commercial use, and free for personal use. Its not even slightly shady.
There are a few other solutions but most that I've tried are flaky crap by comparison, and the other good ones cost more.
Just went through this on Monday. I have an uncle I help remotely from time to time so I have(had) team viewer installed as a service. Get a call that someone had started remote controlling his laptop. He rebooted and uninstalled it immediately from his laptop and I changed up the team viewer passwords.
If it's that easy to find many many sources, why not do a little source selection?
Would reduce the number of complaints about poor "news" sources, breathless websites, woolly wordsalads full of wilfully empty words, stupid script submissions, and so on, and so forth. We might even get a usable /. back.
Exactly. He asks what OS doesn't do it, whereas I'd ask which one does. TV works across different OSes, it works with UAC popups, multiple monitors, regardless of screen resolutions, etc. It's super easy to use, there was no need to open ports (or to connect via a VPN), etc. Nothing comes even close to it. But now I have it disabled at home and work. Back to VPN usage for a while I guess...
OSX has built-in VNC, both client and server, and Messages has a configuration-free, built-in "share screen" feature, which can be invoked from either end.
I don't think there is an OS today that doesn't have built-in remote support... why would you ever install some shady 3rd party program? I guess people get a lot of calls from uh, "Microsoft Support" and then install it...
Windows XP Professional had remote desktop support built-in. Windows 7 Home does not. Not touching Windows 10. Even if Remote Desktop was available - its a complete pain to setup and manage for multiple PCs. Not to be a fanboi but over the past five years I've been able to solve 95% of family computer issues remotely with TeamViewer. The ones I haven't been able to solve with TeamViewer are network related or infinite reboot loops. VNC and X are both horrible on low-bandwidth / high-latency connections. Offer me an alternative to TeamViewer and I'll give it a try.
Metasploit? Just tell them to turn off their antivirus and click the link on your site. They won't even notice the download. Then when you are done their AV will clean it up!
It's pretty easy to use, and it is cross-platform. It pierces the corporate firewall very well. I'm probably a little paranoid, so I don't leave it running - I start it from ssh when I need it. Maybe that paid off today. I used to use VNC over an ssh tunnel, but that was not as seamless and VNC had weird little glitches in dealing with Windows->Mac and with Dvorak.
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
OSX screen sharing works great with other OSX machines. Not as great with Windows, and definitely not when trying to pierce firewalls and use an alternate keyboard layout.
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
They're a bunch of TV schills. Look at their language collocations. It's always the same.
"Connect Via External IP Address
To make this work to connect to a computer outside of your local network you need to have a static public IP address make a change to your router port forwarding settings."
https://coolestguidesontheplan...
You know, that's bearable if you are connecting back to your own home. But good luck getting that going in a remote support scenario with a customer or grandma.
And things get really fun if you need to be remotely connected to 3 or 4 systems at once... behind the same firewall. All doable... of coruse... but teamviewer is one click.
Teamviewer also has pretty slick file transfer and other capabilities, chat, etc.
and Messages has a configuration-free, built-in "share screen" feature
Messages huh? So much for cross-platform.
And even within platform ... one of my clients uses a mac and I have a macbook pro but my other laptop is windows, as is my desktop. And i don't have an iphone and I don't use messages. I know he does on his phone of course... not sure if he does on his mac though. Its hardly going to be my go to solution if he calls from a hotel in Budapest with a problem.
It might be an option if all the stars are in alignment, but i'll probably use something else that works at lot more places.
The built in remote support stuff in both OSes is rudimentary and clumsy... at best.
Most to the point, the built in options are flaky crap, complicated to set up and use.
Troll is not a replacement for I disagree.
You can't fix mom's fucked up computer 800 miles away with TeamViewer running in a VM.
They're a bunch of TV schills. Look at their language collocations. It's always the same.
Speaking of language patterns, I don't think I've ever seen anyone spell "shill" that way until today. What a coincidence you've posted in the same thread where a user named PublicSchill is making negative remarks about TeamViewer.
"BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
If you choose some of those options, then yeah they'll need to click the link. The font etc you can probably just use in your email to them. Give em ten minutes, they'll click that "new email" notification without being asked.
You ask why install software that has a potential to make your system more insecure?
It doesn't have the potential to make your system less secure it DOES make your system and your network less secure, because TeamViewer is essentially RDP with a Firewall circumvention protocol bundled.
Allowing users on your network to have TeamViewer installed on their workstation is apparently little better than just having Remote Desktop Protocol open to the world.
There's actually a reason that firewalls exist, and that these services are blocked from being accessed by the internet..... TeamViewer is circumventing that, when the proper practice is to use a managed VPN device for legitimate remote access which will require two-factor authentication to connect to the network, then provide authorized users access to remote control on the target IP address.
Plus it works bloody terribly over the internet. TeamViewer entirely blows it out of the water.
I only use team viewer occasionally and I think only have one macine running with it installed.
Anyway I setup a teamviewer account back in 2010 but I didn't end up needing it I had not recived any emails from them until this year and now i'm getting "New contact request" emails from teamviewer.
Is this some type of overly complicated spam or what?
who is this "ARIA-PC"?
Minimum threshold fixed. Thanks!
Ha! You got modded down for pointing out superior benefits! Then "diji" points out that "Some people just want their software to work quickly out of the box" and a "trade-factor between simplicity and security." Trade security over simplicity? What the hell has happened to Slashdot?
I saw my Paypal e-mailed me today that there was a transaction. I immediately disputed that transaction and changed my password. I didn't know it was through TeamViewer that the hacker got in until now. So I've turned off all Teamviewer on my computers. I changed Teamviewer's password too, before that when I saw the log, it said someone logged in from Beijing yesterday. So far I haven't found any other unauthorized transaction yet other than 1 on Paypal which they refunded me already. Cross fingers that there is no more.
There's actually a reason that firewalls exist, and that these services are blocked from being accessed by the internet..... TeamViewer is circumventing that, when the proper practice is to use a managed VPN device for legitimate remote access which will require two-factor authentication to connect to the network, then provide authorized users access to remote control on the target IP address.
Ok... so a company i work with sold this guy halfway around the world some software. He's have a little trouble getting it working.
I offer to assist, he downloads TeamViewerQS, he reads me the id and password, I connect, and he's sorted out 5 minutes later. He closes the app, and the 'hole' is closed.
The proper practice you propose... is that I call his IT contractor, have them come by and install a managed VPN device, with 2FA, then authorize me as user ; sends me a VPN client, a certificate... login credentials... um... get real.
2 weeks later the another guy is at a conference in Venice; software won't run and he's doing a presentation that involves it the next morning. He fires up TeamviewerQS on his laptop in his hotel.. id/password... and we've got the issue sorted out.
i'm not even sure what you propose here...but its going to be hideous.
One area where teamviewer is great by the way... helping remote users get their VPN working, when somehting goes sideways with it.
Here's the thing though -- you aren't wrong. Lots of people use Teamviewer in very very stupid ways. But for a quick get-in fix something get-out its brilliant -- and if you don't use unattended access or install it so that its running as a service 99% of the hack surface is mitigated; since you literally have to run it to let people in, and then when you close it when they are done its done. This is where it shines.
On the other end of the spectrum properly setup and secured for internal enterprises support its probably in the same ballpark as secure as anything. I mean... everything is a vector your Meraki cloud switches and routers are vulnerable... your Azure / AWS / etc cloud stuff... your office 365 etc...
But sure there are lots of very stupid things you can do with it. You can do hideously stupid things with any networking tool though.
I don't think there is an OS today that doesn't have built-in remote support...
I don't think there's an OS today that HAS a built-in remote support feature that's easy to use and works. Between firewall tunneling setting up IP addresses, or in the worst case sharing a login/password for an OS based feature (Teamviewer is only a program and I'd prefer sharing a password of something I can simply close), Teamviewer has a lot going for it.
Mind you it's not the only one. There are many third party tools, even one built into Chrome that fill some major functionality gaps, or sometimes don't have functionality which can be a feature in itself. E.g. Windows RDP would do something that caused USB connections to stutter on my telescope resulting in missed commands to move, or locked commands to move. After playing with as many RDP settings I could find, I eventually switched to Teamviewer and then eventually to VNC.
Use RealVNC & learn how to reverse connections. If you need direct access set a strong password, don't use port 5900, use Encryption, set your BlacklistThreshold & BlacklistTimeout.
You can't embed fonts in emails last time I checked.
(Real piss off to the marketing team who wants the newsletters sent with custom fonts... which virtually all if not absolutely all mailclients completely ignored.)
And even if you could embed the font in an email (like you can in a web page) that doesn't install it on the local system.
"TeamViewers servers"
Illiterate American cretins.
Having used both, and WebEx, and Skype For Business, WebEx wins. WebEx has multiple methods to get the app running, most not requiring admin rights.
Click the "join" button, enter any required info and click the share button. I don't know why so many people have a problem with those simple tasks. It's the SHARE button....in the middle of the screen....jumping out at you....just click it!!!!!
It happened to me. ive used teamviewer for YEARS.. always had strongest algorythm set. and this never happened before.. and about 4 months ago while I was at work one night someone logged into my computer TWICE. once quite briefly to see if anyone was using the computer.. logged off... came back about an hr later and opened my browser... went to paypal.com... and of course my info is auto logged in.. its MY computer.. and they sent themselves 1900 dollars... FROM MY OWN PC. i had 0 dollars to my name for 2 weeks bc of some asshole. IP lead to china... prob spoofed. Still have the log..
Yeah, I forgot about that. After futzing with ssh tunnels and figuring out how to start it up via the command line, then working around the keyboard issues, it STILL sucked in the performance department. I ended up running "Chicken of the VNC" instead until I settled on LogMeIn, then TeamViewer.
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
I offer to assist, he downloads TeamViewerQS, he reads me the id and password, I connect, and he's sorted out 5 minutes later.
I'm objecting to the "He just downloads TeamViewerQS part"; unless he is in the IT department, physically the entire access is supervised by a sysadmin, and a temporary firewall exception is required to be added to the network firewall device.
The trouble is what happens if the software gets left on the computer, or some random user can easily deploy it without permission or forget to remove it.
It's the unattended access or support scammer access that is perceived as most dangerous, and also, the ease with which someone can do something careless with this..... which the network firewall is supposed to help prevent.
I don't know why so many people have a problem with those simple tasks.
Probably related to them needing help in the first place.
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
RDP is anything but flaky. It's stable, and pretty much "just works".
What it doesn't do is bypass firewalls and allow multiple viewers for a single user session.
RDP is a remote terminal service. It is not a conference, screen-sharing, or remote-control service.
I'll give you the "complicated to set up" part, though. Except for server OS versions, which set it up automagically during the wizards.
Sure, this is absolutely TeamViewer's fault. If it's Toyota's fault that someone speeding and otherwise driving recklessly gets killed in an accident, then it is certainly TeamViewer's fault for allowing a user to use a weak password.
Any product that is not 100% idiot proof is necessarily at-fault for any loss resulting therefrom. That's simple tort law 101. That's why product manufacturers get sued every time their product is used incorrectly and there is a resulting loss. Because the product does not prevent improper use that could lead to a loss, that loss becomes actionable.
Obviously, you're not working in I.T. support for a company with highly mobile workers who often need assistance in the form of a quick fix, no matter where they're located.
Windows "Safe Mode" can be useful for removing malware because it tells the OS to boot up in a "bare bones" mode, bypassing the startup registry keys or scripts it would usually run at boot time. This may be less true for Windows 10 or 8 than for 7 ... but it was definitely the case with 7 that malware removal tools couldn't completely delete some malware without first booting into safe mode. (Once the code was running, courtesy of getting launched by the normal boot processes that were skipped in safe mode, they kept themselves locked from deletion.)
It's not always a viable option to tell somebody who is half way around the world "Sorry, but you have to stop using your corporate-issued laptop now. Unhook it from the network immediately and send it back to us to remove the malware for you." They just want someone in I.T. to try to connect up and get it cleaned up so it functions properly again -- so they can do the business presentation they were scheduled to do or what-not.
If there are concerns it wasn't possible to get it 100% clean, it can be earmarked to re-image when it comes back.
uhm, if they are on windows they can just use Skype to share their screen....
Skype... isn't particularly good at it and it really isn't any better than when it was Lync, so it doesn't seem to be a priority a MS to improve it. It's serviceable, I guess, but slow and not as functional as Teamviewer is. That extra functionality can cause issues like the article mentions, of course, but I don't have my user's run the app all the time and only have them start it when I need to see/control their screen.
"It is strange that this time around, just when TeamViewer servers go down, multiple users also flock to social media to complain about getting hacked."
No they didn't they went on social networks to complain. How about we just say they complained on the Internet and be done with it.
Social networks = a type of service over a network
Social media = content that is on that service
Do not get fooled by the outdated media corporations who are trying to turn any type of networking fad into something they are part of by naming everything their way.
I offer to assist, he downloads TeamViewerQS, he reads me the id and password, I connect, and he's sorted out 5 minutes later.
I'm objecting to the "He just downloads TeamViewerQS part"; unless he is in the IT department, physically the entire access is supervised by a sysadmin, and a temporary firewall exception is required to be added to the network firewall device.
The trouble is what happens if the software gets left on the computer, or some random user can easily deploy it without permission or forget to remove it.
It's the unattended access or support scammer access that is perceived as most dangerous, and also, the ease with which someone can do something careless with this..... which the network firewall is supposed to help prevent.
TeamViewerQS is a portable app that doesn't install itself and doesn't run as a service. It's not the same thing as the normal TeamViewer app and only allows incoming connections. It runs fine in user space on a machine without admin rights. It's also a free download that doesn't require a license. The person on the other end of the connection is the one who is licensed. The only sticking point is the firewall ports, but I've yet run into a location that blocked TeamViewer ports so it hasn't been an issue so far, at least for me.
Every company around here uses the built-in services. No need to install extra attack vectors.
I love RDP, and it works amazingly well... As long as both ends live on the same network (or have a public-facing IP) and don't have a firewall running (or the users at both ends know how to properly configure it). Unfortunately, those conditions rule out 99% of destinations.
Microsoft's advice on dealing with those issues may leave a few folks wanting, however: "If you're at home, make sure your router has the Windows logo on it". Gee, thanks Redmond! I'll have no trouble trying to walk someone through fixing that over the phone! "Okay, now open your browser and go to NewEgg.com... Buy the following router - Yes, you need to pay for it; no, it won't really do all that much that your current one doesn't, but just buy one anyway. Then just call me back in two weeks and I can walk you through hooking it up, and then we can experience the full glory of a Remote Assistance session to address your actual problem!"
And apparently the login credentials are stored on their hardware, probably "in the cloud" too.? yeah, feeling about a zero chance I'll try their "services"
Those "credentials" just makes the raw connection. Windows' own security still applies, so any potential attacker still needs to know your own, purely locally-stored, credentials.
By comparison, if you have one of the 1% of situations that would allow RDP/RA to work, an attacker only needs to know your local credentials. I'd have to call adding one more layer of security to that (even one we don't directly control) an improvement, not a weakness.
The story has an update where Teamviewer states they suffered DOS attacks but no compromise. (Along with the ubiquitous 'users need to safeguard their credentials.')
These aren't the power users you are looking for ::moves the mouse across the link::
Does Webex have a free personal account? I'm looking at their site, but when I click their "Free Meetings" link I get taken to a page that screams bait-and-switch, with zero information explaining the supposed free account.
Its not even slightly shady
I call BS on that Teamviewer is known to be just by every Ransomware artist out there and Teamviewer DOES NOTHING to stop this. I contacted them about a case of Ransomware and the only thing I got from them was auto-emails. Also no phone number to call. Teamviewer is a wall for crooks to hide behind.
Looks like someone gained access to my personal system via teamviewer around 3AM the last few nights...
They took my bitcoins :(
Or you could actually do it correctly and use a VPN connection to your network rather than exposing port 3389 to the internet. Don't punch holes in your firewall to the trusted side of your network.