Teamviewer hacked, completely insecure

Discussion in 'SteamRep General Discussion' started by Salmon, Jun 2, 2016.

  1. Salmon

    Salmon Caution on SteamRep

    Messages:
    1,926
    Steam:
    STEAM_0:1:21003377
    As we all know, TeamViewer use is generally bad practice. But for anyone who has it installed, if that machine has been on in the last two weeks it probably has had someone try to access it via TeamViewer. Even if your financial accounts haven't been hit yet, many users are reporting their caches were looked at (to get at passwords) and viruses left behind.

    More info at: https://www.reddit.com/r/teamviewer/
    SilentReaper(SR) likes this.
  2. SilentReaper(SR)

    SilentReaper(SR) Retired Staff

    Messages:
    11,991
    SteamRep Admin:
    STEAM_0:0:89705646
    Glancing it over, it's still "denied" by TeamViewer....
    Enstage likes this.
  3. Lava

    Lava Public Relations SteamRep Admin

    Messages:
    5,859
    SteamRep Admin:
    STEAM_0:1:46187366
    Saw this from work today. Would personally recommend uninstalling it if you also have Steam on the same computer. Company denies it, but companies aren't always very honest about origins of their data breaches. So it could very well be something nefarious going on.

    Another likely candidate though is password re-use. A lot of social networking sites had their entire username/password lists stolen, and if you use the same password on TeamViewer...
    https://nakedsecurity.sophos.com/2016/05/31/65-million-tumblr-passwords-stolen-and-up-for-sale/
    https://nakedsecurity.sophos.com/20...be-the-biggest-ever-half-a-billion-passwords/
    https://nakedsecurity.sophos.com/20...nkedin-passwords-up-for-sale-on-the-dark-web/
    Needless to say, if you use the same password in Steam, you should probably change that too.

    Edit: Apparently TeamViewer is also allegedly requesting/demanding bloggers (with some degree of legal threats) state they weren't hacked and onus is entirely on users, which seems like a kind of sketchy damage control. I would definitely recommend removing TeamViewer from all computers you have it installed on, whether or not you have evidence of being hacked - at a very minimum until there is a solid answer to why this is happening. Then from a different computer (if possible) carefully check all Amazon, PayPal, eBay, banking, and other sensitive accounts for transactions you do not recognize. Same with Steam, although sadly if your inventory or Steam Wallet was emptied out there's nothing you can do to get it back. Could be password re-use, or could be yet another major data breach and not-unheard-of horrible cover-up.
    Last edited: Jun 3, 2016
    a Gentleman likes this.
  4. a Gentleman

    a Gentleman SteamRep Moderator Partner Community Donator - Tier V

    Messages:
    2,674
    Steam:
    STEAM_0:0:25990581
    Can confirm. My friend had TV installed and recently lost access to his Facebook and email accounts.

    May be a coincidence, but knowing the depth and seriousness of this breach...
  5. Sebastian Nielsen

    Sebastian Nielsen New User

    Messages:
    36
    Steam:
    STEAM_0:0:5443765
    This is why Cloud solutions are so insecure. Because they rely on the security of an external server, that imposes an insecure password authentication.

    That's why it's better to have a locally hosted remote control, like VNC or something. Even if VNC is unencrypted and "insecure" in that fashion, it's more secure because you can, in the router port forward configuration, limit the port access to a subset of specifically accepted IP numbers.
    Then it won't matter if someone has your VNC password, they must be from the right IP too.
    Roudydogg1 likes this.
  6. SilentReaper(SR)

    SilentReaper(SR) Retired Staff

    Messages:
    11,991
    SteamRep Admin:
    STEAM_0:0:89705646
    That is nice if it's fixed IPs, but in a lot of places they have dynamic IPs, which makes it a problem. Also, spoofing an IP and relaying traffic is maybe a bit harder, but not impossible to do... knowing which source IP is then "key",
    And it would also be possible by being so close that the spoofed IPs get routed over a controlled network to redirect the traffic... which is pretty hard, but depends on the ISP of the victim. There are plenty of poor-country ISPs or bad ISPs that don't configure it well or update their routers with the newest OS / firmware etc. to protect against exploits.

    Of course, if someone is able to do that, then the remote desktop VNC is .... far beneath them, for they can get a very well paid job at any ISP or network provider on securing their stuff.

    It should not be difficult for them to secure it for real. Problem is, they want control, which is the actual problem. If the account was purely for accessing their services by using their forwarding servers for passing the firewalls via the clients, then it would be valid, encryption from client to client, and not using the account to "authenticate" the connection, but a locally saved key pair that gets authenticated upon connect. Not having the key pair on clients? Re-auth the remote admin... Of course, the key pair should be updated at every end of the connection...
    Roudydogg1 likes this.
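
The scheme sketched in the post above (a locally stored key pair that authenticates each connection instead of the account password, replaced at the end of every session), as an added example that is not part of the original thread and not TeamViewer's actual protocol. The names `Host`, `Admin`, `Pair`, `Connect`, `Rotate`, `Answer` and `NextKey`, and the choice of Ed25519, are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Host pins the admin's public key locally; no account password is consulted.
type Host struct{ pinned ed25519.PublicKey }
type Admin struct{ priv ed25519.PrivateKey }
// msg prefixes a purpose tag so a connect signature cannot pass as a rotation.
func msg(tag string, b []byte) []byte { return append([]byte(tag), b...) }

// Pair models first-time setup: the admin's public key is stored on the host.
func Pair() (*Host, *Admin) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &Host{pinned: pub}, &Admin{priv: priv}
}

// Connect admits a peer only if it signs a fresh nonce with the pinned key.
func (h *Host) Connect(peer func(nonce []byte) []byte) bool {
	nonce := make([]byte, 32)
	rand.Read(nonce)
	return ed25519.Verify(h.pinned, msg("connect:", nonce), peer(nonce))
}

// Rotate re-pins to newPub only if the currently pinned key endorsed it.
func (h *Host) Rotate(newPub ed25519.PublicKey, endorsement []byte) (ok bool) {
	if ok = ed25519.Verify(h.pinned, msg("rotate:", newPub), endorsement); ok {
		h.pinned = newPub
	}
	return ok
}

// Answer signs the host's nonce with the admin's current private key.
func (a *Admin) Answer(nonce []byte) []byte { return ed25519.Sign(a.priv, msg("connect:", nonce)) }
// NextKey makes a new key pair at session end, endorsed by the outgoing key.
func (a *Admin) NextKey() (ed25519.PublicKey, []byte) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	endorsement := ed25519.Sign(a.priv, msg("rotate:", pub))
	a.priv = priv
	return pub, endorsement
}

func main() {
	host, admin := Pair()
	fmt.Println("paired admin admitted:", host.Connect(admin.Answer))
}
```

A relay server in the middle only forwards the nonce and the signature, so a leaked or reused account password gives it nothing to sign with; a captured signature is also useless on the next connection because the nonce changes.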
  7. Horse

    Horse Administrator SteamRep Admin

    Messages:
    76,864
    SteamRep Admin:
    STEAM_0:1:34690691
  8. SilentReaper(SR)

    SilentReaper(SR) Retired Staff

    Messages:
    11,991
    SteamRep Admin:
    STEAM_0:0:89705646
    Nice and all, but on the Reddit thread there were also people hacked who had actual two-factor authentication on when this happened.... Read somewhere in an article that an IBM security researcher had this happen to him.
  9. Horse

    Horse Administrator SteamRep Admin

    Messages:
    76,864
    SteamRep Admin:
    STEAM_0:1:34690691
    Nothing is 100% secure - can't live in fear, otherwise you may as well go dig a hole and stick your head in it. Unless of course you're also afraid of the dark ;)