TeamViewer users are being hacked in bulk, and we still don’t know how (arstechnica.co.uk)
187 points by edward on June 5, 2016 | hide | past | favorite | 52 comments



Maybe I have 2 factor authentication set up wrong or am missing something but here is what I have just noticed.

I ran teamviewer on 2 computers.

The teamviewer windows appear.

On neither instance do I log into my teamviewer account, so I don't enter my account password and therefore I don't enter a 2FA code from my phone.

However I can still open a session from one computer to the other using either the random password or the stored computer-specific password.

So how exactly does 2FA increase my protection from the alleged scam?


The 2FA authentication is only useful if you whitelist your account. The default settings, just as you mentioned, allow anyone to access your computer should they somehow guess the random password.

My guess is that the hackers have found a way to acquire these random passwords, or are simply brute forcing them on a massive scale and we're seeing reports of the minority of successes.
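Added example, not TeamViewer's code and not from the original post: what "guessing the random password" costs, depending on which password length and alphabet the host generates. The alphabets and lengths below are assumptions for illustration; the page does not document TeamViewer's actual settings. The `crack_from_transcript` function also shows why a short random password is weak even when the verifier never sees it in the clear: anyone who captures one challenge-response exchange can brute-force the whole space offline.

```python
"""Constructed example: host-generated access password, HMAC challenge-response,
and an offline brute force over a captured transcript. Hypothetical design,
not TeamViewer's protocol."""
import hashlib
import hmac
import itertools
import secrets
import string

DIGITS = string.digits                      # e.g. a 4-digit code (assumed)
ALNUM = string.ascii_letters + string.digits  # e.g. an 8-char alnum code (assumed)


def search_space(length: int, alphabet: str) -> int:
    """Number of distinct passwords an attacker must try in the worst case."""
    return len(alphabet) ** length


def generate_password(length: int, alphabet: str) -> str:
    """Host-side generation with a CSPRNG; nothing about it leaves the host."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


class Host:
    """Holds the password and verifies a client's proof of knowledge."""

    def __init__(self, password: str) -> None:
        self._password = password.encode()
        self.nonce = b""

    def challenge(self) -> bytes:
        self.nonce = secrets.token_bytes(16)  # fresh per attempt, so replays fail
        return self.nonce

    def verify(self, response: bytes) -> bool:
        expected = hmac.new(self._password, self.nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def client_response(password: str, nonce: bytes) -> bytes:
    """What a connecting client sends through the relay: HMAC, never the password."""
    return hmac.new(password.encode(), nonce, hashlib.sha256).digest()


def handshake(host: Host, guess: str):
    """One attempt. Returns (accepted, transcript) where transcript is what a
    relay or a network observer sees: the nonce and the response."""
    nonce = host.challenge()
    response = client_response(guess, nonce)
    return host.verify(response), (nonce, response)


def crack_from_transcript(transcript, length: int, alphabet: str):
    """Offline brute force: recompute the HMAC for every candidate password.
    Feasible for 10**4 digits, hopeless for 62**8 alphanumerics."""
    nonce, response = transcript
    for chars in itertools.product(alphabet, repeat=length):
        candidate = "".join(chars)
        if hmac.compare_digest(client_response(candidate, nonce), response):
            return candidate
    return None


if __name__ == "__main__":
    pw = generate_password(4, DIGITS)
    host = Host(pw)
    ok, transcript = handshake(host, pw)
    print("accepted:", ok, "recovered:", crack_from_transcript(transcript, 4, DIGITS))
    print("4-digit space:", search_space(4, DIGITS), "8-char alnum space:", search_space(8, ALNUM))
```

The design choice illustrated: with the password generated and verified on the host, a compromised relay learns nothing it could replay, but the size of the space still decides whether an observer (or an attacker hammering the relay) gets in, which is why the whitelist and the longer password setting matter more than where the password is generated.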


Thanks I get it now. It would be interesting to know if the chap who reported being connected to, with 2FA on, had restricted access via the whitelist or had left it the way mine was. I suspect the latter.

However I am so paranoid at the moment that I have decided to exit teamviewer completely between uses until this all blows over.

EDIT: In the comments below the linked article is the best explanation yet in my opinion:

>They sign into the website/client with the compromised credentials, and get a list of what computers are online and waiting for connections from that account.

http://arstechnica.com/security/2016/06/teamviewer-users-are...


I don't know what to make of this. Is TeamViewer looking into this? They seem to have immediately dismissed this as people with weak passwords without any indication that any kind of investigation was performed. Is this because they feel they are unhackable so these incidents are not worthy of investigation? Are they looking into it?

The fact that all of these questions are up in the air means that I really have no choice but to quit using the product. I don't do a lot of remote support with other people but do need to access different computers of my own (that are in different locations) at certain times. Before TeamViewer I would use Hamachi + VNC which worked fine with the exception that Hamachi always goes into "relay mode" when I am not on a very good connection, which was always a joy to find out when I was on vacation and was unable to access anything because all of the nodes were connected in "relay mode".

Someone else here mentioned ZeroTier as a Hamachi alternative, so I think I will give that a try. A longer term goal is to link the machines together using OpenVPN, which I am not currently an expert in.


Initial Hacker News discussion, mainly for the top comment: https://news.ycombinator.com/item?id=11826431

I am not an expert. The top comment helped me assess the risk.


Of course, but if I've learned anything from camping it's to always prepare for the worst weather possible. Very smart to treat this as TV getting hacked versus simple password re-use, due to the nature of money being taken from victims.

This is also why I'm glad I've never used the accounts for TV and have always resorted to the number generating system (if of course the breach is related directly to the accounts)


Make sure you have the number generation on the more secure option. I'm still using the accounts but only my machines are whitelisted to connect to each other, plus I turned on 2FA. The next step may be to turn it on to LAN-only mode and get my VPN working properly.


The Teamviewer account is required to access another computer without someone being there [1]. When you're helping a friend or demoing to a customer, they're there to start their teamviewer and give you the access code. There is no need for accounts if those are all your use cases and there is no risk to be attacked without an account, is that correct?

[1] https://www.teamviewer.com/en/help/410-what-is-a-teamviewer-...


The access code is probably generated server-side and can be snooped.


If you read the article they tell you the most likely situation is the fact that millions of passwords are leaked everyday attached to emails in various data breaches.

This breach could also be data leaked from TeamViewer but as of right now there has been no official word as far as I can see. Considering users like to use the same username and password a bot could easily run through a leaked list and report any successful logins back to an attacker (an older exploit).

As far as I can tell the random numbers being generated are not affected but users who have actual accounts are being affected. There has been no official word but the number generating system being exploited over the accounts being exploited seems far less likely. Only time will tell though, so hopefully we will get an official word soon!

EDIT: Seeing a lot of different theories in the comments and honestly I'm not sure which one makes the best sense. I really do hope TV makes a comment soon about how it's happening but we probably won't see that announcement until they release the fixes which are supposedly later this year.
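The "bot runs through a leaked list and reports successful logins" pattern described above has a recognisable shape in authentication logs: one source tries many distinct accounts, roughly once each, with a low success rate, unlike a legitimate user retrying their own password or a brute force hammering a single account. Added example, not TeamViewer's code: a detector over a constructed log format (the field names and the sample lines are invented for illustration).

```python
"""Constructed example: flag credential-stuffing sources in login logs.
Log format and sample data are invented; thresholds are assumptions."""
import re
from collections import defaultdict

# One line per login attempt: timestamp, source address, account, outcome.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+src=(?P<src>\S+)\s+user=(?P<user>\S+)\s+result=(?P<result>ok|fail)$"
)

# Constructed sample: 203.0.113.7 sprays a leaked list (two hits), 198.51.100.20 is a
# real user mistyping twice, 192.0.2.9 brute-forces a single account.
SAMPLE_LOG = """\
2016-06-01T10:00:01Z src=203.0.113.7 user=alice@example.com result=fail
2016-06-01T10:00:02Z src=203.0.113.7 user=bob@example.com result=fail
2016-06-01T10:00:02Z src=203.0.113.7 user=carol@example.com result=ok
2016-06-01T10:00:03Z src=203.0.113.7 user=dave@example.com result=ok
2016-06-01T10:00:03Z src=203.0.113.7 user=erin@example.com result=fail
2016-06-01T10:00:04Z src=203.0.113.7 user=frank@example.com result=fail
2016-06-01T10:00:04Z src=203.0.113.7 user=grace@example.com result=fail
2016-06-01T10:00:05Z src=203.0.113.7 user=heidi@example.com result=fail
2016-06-01T10:05:00Z src=198.51.100.20 user=alice@example.com result=fail
2016-06-01T10:05:10Z src=198.51.100.20 user=alice@example.com result=fail
2016-06-01T10:05:20Z src=198.51.100.20 user=alice@example.com result=ok
2016-06-01T10:10:00Z src=192.0.2.9 user=bob@example.com result=fail
2016-06-01T10:10:01Z src=192.0.2.9 user=bob@example.com result=fail
2016-06-01T10:10:02Z src=192.0.2.9 user=bob@example.com result=fail
2016-06-01T10:10:03Z src=192.0.2.9 user=bob@example.com result=fail
2016-06-01T10:10:04Z src=192.0.2.9 user=bob@example.com result=fail
2016-06-01T10:10:05Z src=192.0.2.9 user=bob@example.com result=fail
"""


def parse_log(text: str) -> list:
    """Parse lines into dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def detect_credential_stuffing(events, min_distinct_users=5, max_success_ratio=0.5):
    """Return {src: summary} for sources that look like stuffing: many distinct
    accounts from one source with mostly failures. Single-account retries and
    single-account brute force do not match (they need a different rule)."""
    per_src = defaultdict(lambda: {"attempts": 0, "successes": 0,
                                   "users": set(), "ok_users": set()})
    for e in events:
        s = per_src[e["src"]]
        s["attempts"] += 1
        s["users"].add(e["user"])
        if e["result"] == "ok":
            s["successes"] += 1
            s["ok_users"].add(e["user"])

    flagged = {}
    for src, s in per_src.items():
        ratio = s["successes"] / s["attempts"]
        if len(s["users"]) >= min_distinct_users and ratio <= max_success_ratio:
            flagged[src] = {
                "attempts": s["attempts"],
                "distinct_users": len(s["users"]),
                "success_ratio": round(ratio, 2),
                # Accounts the attacker actually got into: these need a forced reset.
                "compromised": sorted(s["ok_users"]),
            }
    return flagged


if __name__ == "__main__":
    for src, summary in detect_credential_stuffing(parse_log(SAMPLE_LOG)).items():
        print(src, summary)
```

The output of such a detector is the list of accounts to force-reset, which is the concrete action a vendor could take in the "reused password" scenario without having to decide whether it was breached itself.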


I presume you are referring to the password? Why would it be probably generated on the server? That would mean that the server would have to pass the password back to the host computer for display. Whereas the host computer would only ever have to pass a hash to the server if the passwords were generated on the host.


Those codes don't always reset, or at least they didn't use to, so it is possible they got leaked.


They did report DNS issues, it could be that someone hijacked their domain/DNS and set up a fake authentication server. From there the possibilities are endless. [0] jumps to mind

[0] https://github.com/AlessandroZ/LaZagne


They reported a DDoS attack on their DNS servers, I'm not sure how you draw a connection between that and a DNS hijack.

Especially considering such hijack would've in all likelihood been logged.


I didn't say it happened, I said it could have happened. It's just a hypothesis since the article said the origin of the hacks is unknown.


I have heard reports of the DNS server responding with a Chinese IP address.


I'm pretty sure they've had a Hong Kong endpoint in the past


If this were true, their refusal to use endpoint authentication, TLS or otherwise, would be even more damning than a simple breach.


Reading more into this I really do wonder if this is related to other companies being hacked. If you look at this Reddit thread https://www.reddit.com/r/teamviewer/comments/4m6omd/teamview...

and search "Do you have a TV Account", I have yet to find an answer from someone that said no (meaning they use the numbering system): only yes, "used to", and "free" (which is still a login). A lot of answers also include that they use the same password with the same email for various accounts. A few don't, but those numbers are very small and more than likely that user was compromised another way.

EDIT: Of course this is speculation and, as mentioned in the original post of this article, we should assume this was TV being hacked versus just a simple re-used password.


"we still don't know how." No one is stating the obvious: we would know more if we had the source code.


We would know more, but we wouldn't necessarily have an answer.

Reading the source code we cannot be sure that some vulnerable software was not updated quickly enough on some production system of theirs, or say anything about DNS poisoning etc.


How? So far, the anecdotes are all over the place, and date back to weeks ago.


Happened to my friend about 3 weeks ago and he's a fairly savvy computer user. Had 5k extracted from PayPal which has just been recovered. All my friends have now uninstalled TeamViewer if they had it installed.


Did your friend use the login system or the auto-number login generator?


He said login. TeamViewer was always logged in and running in the background.


But the alleged dns hack only happened a few days ago?


Yes, but the hacks have been happening for a longer period of time.


It might be related to the fact that too many TV users usually send their id+password in one single clear-text email.


Very good point. I've seen that.

Or a piece of malware that checks if teamviewer is running (or maybe even opens it), reads the id and password from the window and sends those home


Disabled my teamviewer. Relying on zerotier + remote desktop


I was going to suggest the same thing. ZeroTier has been an absolute dream in eliminating the necessity for traditional gatekeeper services like TeamViewer or Hamachi.


How did you disable it? I disabled TeamViewer's "Start TeamViewer with Windows" option months ago (I only used the software that one time). I just checked now - the option is still disabled but I see the TeamViewer Windows service is running, exposing my machine to god knows what. Really irritating.


Whenever I install TeamViewer I don't install it as a startup service. If I have to remote into someone's computer, I want them to initiate the connection process so they know what's going on.


Ugh! I use Team Viewer to take care of family computers. Is there a good alternative on Macs behind NAT?


I've used Chrome remote desktop for a while: https://chrome.google.com/webstore/detail/chrome-remote-desk...


iMessage (via Messages.app) has remote control/screensharing built-in :)


And, unfortunately, like other Apple services (like Back to my Mac), it suffers from access to computers behind routers.


Computers behind routers? So... all internet connected computers then?

I use Back to my Mac from work all the time and I have no problem accessing my iMac at home from my MacBook Pro at work.


Actually, yes. I used to be an Apple Genius and whenever we dealt with two machines on separate LANs, that required NAT, there were so many problems with traversing the routers. We had to do manual setups with port forwarding or DMZ. FaceTime seems to have significantly improved with this (but was awful when it was iChat w/ Group Video chats), but Back to My Mac is still very problematic. You can see this issue also by trying to Screen Share over iMessage to other people. In my experience it only has about a 50% success rate.

My home setup still doesn't work with Back to My Mac (and hasn't for years).


LogMeIn or ScreenConnect if you want to pay for a solution.

Nothing else I know of is free.


It's pretty shocking that it's still available for download.


It's a private equity owned business. They paid around $600m for it. They're not going to take anything down.


They would if they wanted to preserve its image going forward. I actually need a remote tool to help my parents & was planning on downloading TV. Guess not...


TeamViewer is constantly connected to its server even when you turn it off; it's pretty much a complete tunnel through any firewall. Run VNC in server mode, not as a service, map the ports through and use non-standard ports. None of these tunnel-setup, LogMeIn-type remote desktop viewers.


Is this for real?




It seems team viewer is doing the "Deny, Deny, Deny" thing.


Playing the devil's advocate here, but what do you think they should be doing, in case these are a result of password re-use and similar user errors?


Hard to say or prove that changing your password actually protects you. The best method to avoid it is to not have it running. Like I mentioned before, when you run something that uses a server to tunnel through your firewalls you have to feel this server is trusted. I do not trust a server; I'd rather run a desktop sharing tool like UltraVNC and control when it is on and off, and have no unknown party tunnel.

In the end, when I was asked to install TeamViewer (I use Linux BTW) I could see all the processes even after I turned it off. I would find myself killing off the 3 or so processes that maintained a connection to a server. Heck, I get a lot of "I am silly and it's secure". Now I have not had anything happen to me and have yet to see anyone beyond stories online. Do not take my word for it: run a debugger or trace it with Wireshark, do what you will, you will get a surprise. Sort of like when I ran Skype in Linux and traced what it accessed (scary stuff).


Changing the way the ID / password generation is done and requiring additional verification when a new device wants to connect to an existing TeamViewer install


Send out an email saying "We're seeing increased attacks on Teamviewer accounts with reused passwords. Please reset your password, especially if it has been used on other sites."

No need to take blame - I gather that TV is not exactly a transparent organization, and perhaps their customers are less amenable to security update or outage post-mortems than most HN readers, but they ought not stick their heads in the sand.

As a paying customer, I should not have to find this out through Reddit and HN.



