New TeamViewer Hack

[upnorth]

Quote : " Do you have remote support software TeamViewer installed on your desktop?

If yes, then you should pay attention to a critical vulnerability discovered in the software that could allow users sharing a desktop session to gain complete control of the other's PC without permission. TeamViewer is a popular remote-support software that lets you securely share your desktop or take full control of other's PC over the Internet from anywhere in the world.

For a remote session to work both computers—the client ( presenter ) and the server ( viewer ) —must have the software installed, and the client has to share a secret authentication code with the person he wants to share his desktop. However, a GitHub user named " Gellin " has disclosed a vulnerability in TeamViewer that could allow the client ( sharing its desktop session ) to gain control of the viewer's computer without permission. "

 

[upnorth]

Stumbled over a few tweaks that might help in the future.


Quote : " Back in 2016, there was a rash of computers compromised through TeamViewer. And just now, in December 2017, TeamViewer was forced to issue an emergency fix for a serious vulnerability in the program. Even when there aren’t any glaring security holes or widespread attacks, though, it’s very easy for a TeamViewer user to have their computer compromised if they don’t have all the right settings in order. And if you look at reports of past compromised machines, most victims were using an unsecured setup.

By default, TeamViewer isn’t a particularly secure application. It favors ease of use over difficult-to-navigate security procedures. This is useful when you’re trying to help your dad solve his computer woes from across the country: you can have him download a single file, run that file, have him give you the simple numeric computer ID and password, and boom, you’re controlling his computer and solving the crisis. But leaving TeamViewer in that simple first-run mode (which really should only be used in such a simple state for those one off emergencies) is just asking for trouble.

TeamViewer has tons of security options you can toggle on and tweak, however, and it’s really easy to go from a not-secure TeamViewer experience to a very secure TeamViewer experience with only a little tinkering.

Before we proceed, however, there are a few things we’d like you to keep in mind while reading through the tutorial. First, not every person needs to turn on every option we suggest. You need to balance your needs and workflow against the security changes you make—you wouldn’t want to, for example, turn on the feature that requires a user at the computer to accept the incoming TeamViewer request if you’re using TeamViewer to connect to your own unattended computer.

Second, if TeamViewer is installed on your computer through your work, by a tech support company you’ve hired, or by a relative who helps troubleshoot and maintain your computer, we’d encourage you to read over this article ( and potentially take advantage of some of the tips ) but to also consult with the person in charge of your TeamViewer experience. "

Source : How to Lock Down TeamViewer for More Secure Remote Access