Teamviewer warning

Tomahawk · 2016-06-02 21:24:22

So this happened yesterday:

TeamViewer denies hack after PCs hijacked, PayPal accounts drained

Maybe there was a security breach, maybe there wasn't, but either way you should:

- Stop teamviewer from starting automatically when you boot by going to Extras > Options > General and unchecking the "Start TeamViewer with Windows" checkbox,
- Quit teamviewer whenever you go afk for any decent length of time. Be aware that if you have the "Close to trey menu" checkbox checked in the "Advanced" tab of the settings, closing the application won't actually close teamviewer.

You might not have any sensitive information worth taking, but remote access can also be used to install ransomware/keyloggers etc.

EDIT:
While I'm at it, I've noticed that pretty much all people I connect to on Teamviewer haven't bothered to edit the permissions given to incoming connections. I think these default to "Full Access", allowing the connected user to do things like lock your keyboard and mouse.

My recommended settings:

Go to Extras > Options > Advanced. In the "Advanced settings for connections to this computer" section, change "Access Control" in the drop-down list to "Custom settings". Just below that, click "Configure..." and set the following settings:

- Connect and view my screen: Allowed
- Control this computer: After Confirmation
- Transfer files: After Confirmation (this allows the person to freely view the files on your PC, and transfer files both ways, or filebox you stuff without establishing a remote connection)
- Establish a VPN connection to this computer: After Confirmation
- Lock the local keyboard and mouse: Denied
- Control the local Teamviewer: Denied (you don't want anyone to change these settings)
- File transfer using the file box: Allowed
- Print on remote printer: Denied
- Change sides allowed: Allowed

Srna, Kikikan, Xfrogman43, kubapolish

Kikikan · 2016-06-02 21:49:07

Thanks for alerting the community Tomahawk!

Vitalijus · 2016-06-02 21:52:01

The best solution is not to use TeamViewer it's so obvious and unsafe that if you are in teamviewer without your friend something bad will probably happen.

Tomahawk · 2016-06-02 22:02:22

Vitalijus wrote:

The best solution is not to use TeamViewer it's so obvious and unsafe that if you are in teamviewer without your friend something bad will probably happen.

I'm assuming that if someone tries to connect and screw around while you're at the computer, you'll end it and blacklist them. At any other time, teamviewer would be off.

Zumza · 2016-06-02 22:07:01

I didn't really understood how many people were affected by whatever happened.

mrjawapa · 2016-06-02 22:08:07

Don't you need to give someone a code, or send them an invite, before they can control your computer?

Tomahawk · 2016-06-02 22:24:00

JaWapa wrote:

Don't you need to give someone a code, or send them an invite, before they can control your computer?

If you have a user's ID and current password, you can connect instantly and they receive no confirmation request or popup in which they can deny the incoming connection. This allows you to go into either remote control or file transfer.

XxAtillaxX · 2016-06-02 23:00:06

There wasn't a security breach.

I've looked at their source code and looked at the way they handle authentication.
It's virtually impossible to establish a connection with their current security policies.

Vitalijus wrote:

The best solution is not to use TeamViewer it's so obvious and unsafe that if you are in teamviewer without your friend something bad will probably happen.

You're more likely to get your house broken into and your electronics stolen than be compromised by TeamViewer.
I suppose you shouldn't live in a house then?

Zumza wrote:

I didn't really understood how many people were affected by whatever happened.

There are 20+ million devices running TeamViewer at any given moment.
It's a matter of statistics.

Jesse, BuzzerBee, kubapolish, POLAK23P

den3107 · 2016-06-02 23:06:57

The reason why so many people were breached is because a lot of people let teamviewer start up upon system boot, that way they can access their pc remotely while at work/on school/at a friend. Obviously when teamviewer is on and the passwords are hacked, people can use it for other purposes too.

mrjawapa · 2016-06-03 01:13:26

Atilla's post is enough for me to say **** on all of this.

John · 2016-06-07 17:53:58

I prefer LogMeIn, it seems more secure.

drunkbnu · 2016-06-07 17:56:54

I'd use SSH. Of course, don't allow the user to access as root on the machine.

capasha · 2016-06-07 19:54:20

HG wrote:

I'd use SSH. Of course, don't allow the user to access as root on the machine.

How do I disable root? I have no idea how to do this.

hummerz5 · 2016-06-07 19:58:26

capasha wrote:

HG wrote:
I'd use SSH. Of course, don't allow the user to access as root on the machine.
How do I disable root? I have no idea how to do this.

format the hdd

drunkbnu · 2016-06-13 18:24:41

hummerz5 wrote:

capasha wrote:
HG wrote:
I'd use SSH. Of course, don't allow the user to access as root on the machine.
How do I disable root? I have no idea how to do this.
format the hdd

Make sure the root account doesn't have a password, or just set one impossible to guess or know. Then, create a new user with a password different from your main account, so that the person that will use SSH will connect to that account, unless he/she knows your main account username and password. Then, you can give him read-only, access to your important files, while letting them use their account for special things, without in any way damaging your computer.

Official Everybody Edits Forums

#1 2016-06-02 21:24:22, last edited by Tomahawk (2016-07-08 15:10:22)

Teamviewer warning

#2 2016-06-02 21:49:07

Re: Teamviewer warning

#3 2016-06-02 21:52:01

Re: Teamviewer warning

#4 2016-06-02 22:02:22

Re: Teamviewer warning

#5 2016-06-02 22:07:01

Re: Teamviewer warning

#6 2016-06-02 22:08:07

Re: Teamviewer warning

#7 2016-06-02 22:24:00, last edited by Tomahawk (2016-06-02 22:26:45)

Re: Teamviewer warning

#8 2016-06-02 23:00:06

Re: Teamviewer warning

#9 2016-06-02 23:06:57

Re: Teamviewer warning

#10 2016-06-03 01:13:26

Re: Teamviewer warning

#11 2016-06-07 17:53:58

Re: Teamviewer warning

#12 2016-06-07 17:56:54, last edited by drunkbnu (2016-06-07 17:57:39)

Re: Teamviewer warning

#13 2016-06-07 19:54:20

Re: Teamviewer warning

#14 2016-06-07 19:58:26

Re: Teamviewer warning

#15 2016-06-13 18:24:41

Re: Teamviewer warning

Board footer