Rumor has it that TeamViewer, one of the most popular remote access and remote assistance tools on the market, has been hacked. To date, no one from the security sector or the manufacturers themselves has been able to shed more light on these claims, but there is a sense of fear around this issue.
From what we know so far, the hacking refers to individual claims that either some accounts have been hacked, or a hole was discovered in the system that could allow an intruder to remotely access running TeamViewer sessions. The security breaches have been highlighted further since the DoS attack on June 1st that took the TeamViewer DNS servers offline throughout the afternoon in Europe. While I still trust that TeamViewer does and will continue to offer the best security measures to prevent outages and security risks, it is also wise for users to take precautions.
My post today is not about truths or tales behind the story, but rather, I will address the way to protect your TeamViewer accounts and hosted sessions on workstations and servers through simple steps.
First of all, PASSWORDS! Change your TeamViewer account password and use a strong one. The following entry discusses what is considered to be acceptable when creating a good password.
Second, do not reuse your passwords. Reusing here does not mean going back to an old password, but using the same password over and over again on different sites. This could be a huge problem if any one of the sites where a reused password is in use gets hacked. Most people reuse passwords because remembering so many is quite difficult, but it is an easy task if you get an app to do that for you. There are several that encrypt your stored data with AES-256, and you will only have to remember ONE password. Forever!
Did you know that TeamViewer offers Two-Factor Authentication? Well, now you do, so make use of it! Click here to start with the enrollment. While 2FA or MFA will not help you much on ‘hosted’ TeamViewer systems, you are limiting the possibilities of your own account being used maliciously.
For hosted and non-hosted TeamViewer systems, one of the most secure methods to protect your active sessions is through access control. With access control and black or white-lists, you can securely define who has access to your hosted devices. Through access control, you can also limit the functions available. By using white-lists, you can allow incoming connections only from specific TeamViewer IDs. This means that if my email account firstname.lastname@example.org, company “TresW”, or ID “123456789” is white-listed, only connections coming from this TeamViewer email account, company, or ID will be allowed to access the host.
The following images detail the process for using white-lists.