Remote software has been vital for conducting online meetings and sharing desktops for years, but one of the most popular, TeamViewer, keeps getting hacked.
TeamViewer has regularly been the go-to option when it comes to businesses communicating online with colleagues, customers and technical support teams. Naturally, the procedures behind using remote software require a high level of trust.
And that’s why it’s worrying that a program which already asks you to relinquish control is at risk of being hijacked itself. This is potentially very troubling for businesses, so I’m going to take a look at what’s happening with TeamViewer.
TeamViewer Hack
The first rumblings of a hack emerged at the start of June when a disturbingly high number of TeamViewer users found that their PayPal accounts had been accessed. This was achieved by hijacking the users’ web browsers and accessing webmail and PayPal where users where still signed in.
What’s particularly worrying here is that many users reported having high levels of security in place. Even two-factor authentication (a gold standard of security) was not enough to stop the hijack taking place. Some of the hackers’ targets were lucky enough to be at their PC when the attacks took place, so were able to disconnect or revoke privileges, but others were not so lucky.
TeamViewer has not been keen to accept any liability for the attack. In fact, they have pointed the blame at their users re-using their TeamViewer login credentials on other websites which have then been hacked. However, it remains curiously strange that TeamViewer’s website went down for three hours at the height of the attack.
TeamViewer have since released a statement which confirmed their website outage, but claimed this was down to a denial-of-service and not a security breach.
TeamViewer’s Response
Despite TeamViewer not wanting to take any responsibility, they have since released two new additions to their software to increase security:
- Trusted Devices – By activating Trusted Devices, users are given the ability to approve any new device which is trying to connect to a TeamViewer session.
- Data Integrity – This feature is particularly clever as it monitors for any unusual behavior within the TeamViewer session. And, if this is detected, TeamViewer will not allow the session to continue without users resetting the password.
These are certainly useful features, but given the precious nature of remote sharing software, many users are wondering why these were not in place already.
Login Credentials Theft
Although many TeamViewer customers are upset over the company’s reluctance to accept any responsibility, TeamViewer may have a point about the theft of login credentials.
Just recently, a hacker has been trying to sell a mammoth database of stolen login credentials totaling around 640 million passwords. This is a major security threat and highlights the importance of protecting your passwords.
The best advice I can give, regarding passwords, is to remember the following:
- Don’t reuse passwords on different accounts
- Do not write down or tell other people your password
- Use two factor verification wherever possible
For more ways to secure and optimize your business technology, contact your local IT professionals.