Author Topic: TeamViewer hack/breach  (Read 1019 times)

Peter

  • Administrator
  • Forum addict
  • *****
  • Posts: 1490
  • Karma: +36/-2
    • View Profile
TeamViewer hack/breach
« on: June 04, 2016, 09:05:34 pm »
Wow I missed this one, but this seems to be one of the 'biggest' breaches in IT - in a long time.

http://arstechnica.com/security/2016/06/teamviewer-users-are-being-hacked-in-bulk-and-we-still-dont-know-how/

https://www.reddit.com/r/technology/comments/4m7ay6/teamviewer_has_been_hacked_they_are_denying

I also have it deployed for several people I help, and I do hope they won't get hacked.
But luckily they have no Paypal account or anything... their data is still sensitive.

Kinda related. NEVER use the same password on all sites, and you should apply this on our forums as well. Just use Keepass, for example to keep your passwords safe.
- qBittorrent team - server and forum administrator.
- Hungarian translation reviewer/moderator (+ translator).

KitKat

  • Veteran
  • ***
  • Posts: 344
  • Karma: +26/-0
  • Here i stand with my bayonet...
    • View Profile
Re: TeamViewer hack/breach
« Reply #1 on: June 04, 2016, 02:51:32 pm »
Saw this earlier today on another forums site i look at.

The general consensus there was that it was a case of non-tech savvy users committing a password recycling U53R error.
There have been alot of website breaches and leaks over the past year and its very likely there is a massive password list + relational data for all these users.

The free webhosting service 000webhost was rooted if i remember correctly (idiots ran a version of SQL/PHP that was vulnerable to heartbleed on their free services months after it was reported)
Which means that all the stored client information (and the information of those client's clients) would have been leaked + sold and enumerated into password lists.

That or teamviewer has been hacked to the point where its 2sta is completely bypassed (seeds known) and they have 0 idea about how its happening.

Now whats more likely, users of teamviewer RA tool who arent the cream of the crop in terms of tech smarts recycling passwords for their email account (how 2sta is been bypassed) and other services, or a million dollar tech company been compromised so badly they dont even know how its happened/have any internal logs of the compromise/un-authorised access??
The following BBC is not allowed within your signature: html, img, php.

Peter

  • Administrator
  • Forum addict
  • *****
  • Posts: 1490
  • Karma: +36/-2
    • View Profile
Re: TeamViewer hack/breach
« Reply #2 on: June 04, 2016, 02:56:31 pm »
My biggest worry here is - you need a Teamviewer ID to log in.
In usual breaches, you have your target email, like stupid @gmail.com.

stupid @gmail.com is your average Joe who uses '123456' password.
You look up a few cracked databases, you find him, you log in with that, simple.

But how did they guess the ID here?
That's the most creepy thing here.
Even if they just random poke around, if you try it, you won't ever hit a live PC just by typing in random numbers as ID.
And let's say you find one, you can try it three times or so, and you get banned for X time.

Something is definitely fishy.
- qBittorrent team - server and forum administrator.
- Hungarian translation reviewer/moderator (+ translator).

KitKat

  • Veteran
  • ***
  • Posts: 344
  • Karma: +26/-0
  • Here i stand with my bayonet...
    • View Profile
Re: TeamViewer hack/breach
« Reply #3 on: June 04, 2016, 03:47:14 pm »
I dont use teamviewer much personally but im pretty sure that if you actually install it and create an account they send you an email containing your teamviewer ID/account information.
If its simply an EMAIL breach that escalated into a TV breach due to the person leaving those emails around or the hacker/bot script doing an account recovery on teamviewers site that could explain the "how" part.

Another user posted a theory that its not teamviewer that was hacked but a company that uses teamviewer to manage its clients having a database breach.
Which is interesting and more likely in terms of practicality but still doubtful.

When i ask people to let me see what they're doing for debugging and they request i use teamviewer i just do the "run once" useage of it and dont install it to begin with..

This is also somewhat relevant as its recent/teamviewer related.
https://www.teamviewer.com/en/company/press/statement-on-ransomware-infections-via-teamviewer/
3~ months old now.
« Last Edit: June 04, 2016, 10:52:35 pm by KitKat »
The following BBC is not allowed within your signature: html, img, php.

Peter

  • Administrator
  • Forum addict
  • *****
  • Posts: 1490
  • Karma: +36/-2
    • View Profile
Re: TeamViewer hack/breach
« Reply #4 on: June 04, 2016, 11:54:17 pm »
Teamviewer gives you an ID for every PC - when you start the client first. (QuickView or normal client.)
You don't get that emailed, nothing. Only YOU and Teamviewer knows  it.

Even if an attacker could guess the generation code, they would need the MAC/Hardware Data of a victim...
tl;dr: It's full creepy. I wonder about the actual breach/attack.
- qBittorrent team - server and forum administrator.
- Hungarian translation reviewer/moderator (+ translator).