Difference between revisions of "DBSA:2016-06021"

From Digibase Knowledge Base
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
 
{{DBSAHEAD
 
{{DBSAHEAD
| TITLE=Teamviewer Compromise
+
| TITLE=Teamviewer Compromise (Unconfirmed)
 
| KEYWORDS=teamviewer, remote administration, service compromise
 
| KEYWORDS=teamviewer, remote administration, service compromise
 
}}
 
}}
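Review bot: the right-hand TITLE gains the qualifier "(Unconfirmed)" but nothing in the hunk or in the rest of the page says what is unconfirmed; KEYWORDS keeps the unqualified "service compromise" and the Priority/Severity HIGH rationales on the rendered page are unchanged. Consider stating in the Description which claims are unconfirmed (the infrastructure outage, the account theft, or both) so the title qualifier is not the only signal to readers.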
Line 6: Line 6:
 
'''DBSA ID:''' {{PAGENAME}}
 
'''DBSA ID:''' {{PAGENAME}}
  
'''Regarding:''' Teamviewer Compromise
+
'''Regarding:''' Teamviewer Compromise (Unconfirmed)
  
 
'''Writeup:''' [[User:Kradorex Xeron|Kradorex Xeron]] ([[User talk:Kradorex Xeron|talk]]) 01:33, 2 June 2016 (EDT)
 
'''Writeup:''' [[User:Kradorex Xeron|Kradorex Xeron]] ([[User talk:Kradorex Xeron|talk]]) 01:33, 2 June 2016 (EDT)
Line 33: Line 33:
 
Teamviewer is a software package for remote system management to enable system administrators, support personnel and helpers to remotely operate computer systems to ease management of the same. Teamviewer offers a centralized mechanism of their software that is managed by their servers to enable their users to manage multiple systems through a central portal. On 1 June 2016, it was detected that the Teamviewer central service infrastructure was taken offline followed by reports of customer paypal accounts having their funds stolen and other reports of systems being compromised running the software.
 
Teamviewer is a software package for remote system management to enable system administrators, support personnel and helpers to remotely operate computer systems to ease management of the same. Teamviewer offers a centralized mechanism of their software that is managed by their servers to enable their users to manage multiple systems through a central portal. On 1 June 2016, it was detected that the Teamviewer central service infrastructure was taken offline followed by reports of customer paypal accounts having their funds stolen and other reports of systems being compromised running the software.
  
It is suspected that usernames, passwords, email addresses, customer financial details, system information have been compromised despite the vendor's indication.
+
It is suspected that usernames, passwords, email addresses, customer financial details, system information have been compromised despite the vendor's indication. Additionally, user systems may have been compromised and activity performed on those systems may be known by attackers.  
 
 
Users and organizations who use Teamviewer seperate from this infrastructure and are not signed up with the vendor's centralized service do not appear to be affected at this time.
 
  
 
==Mitigation/Solution==
 
==Mitigation/Solution==
 
Users who are affected are advised to immediately disable and uninstall the software and to monitor their financial state and to advise Paypal or other financial institution connected to Teamviewer to require seperate authorization for questionable transactions. Users are further advised to treat all emails they receive with suspicion and to only log in to services using known good links. Users who are unable to remove or disable the software are advised to forward this advisory to their System Administrator.
 
Users who are affected are advised to immediately disable and uninstall the software and to monitor their financial state and to advise Paypal or other financial institution connected to Teamviewer to require seperate authorization for questionable transactions. Users are further advised to treat all emails they receive with suspicion and to only log in to services using known good links. Users who are unable to remove or disable the software are advised to forward this advisory to their System Administrator.
 +
 +
It is strongly advised to reset any passwords stored in browser "Save password" stores and to perform antimalware scans on systems where Teamviewer was installed.
  
 
Users are further advised as soon as they can connect to the service, to change all passwords immediately, then again at 2 weeks after.
 
Users are further advised as soon as they can connect to the service, to change all passwords immediately, then again at 2 weeks after.
 
Users who are in use of the decentralized, traditional Teamviewer may wish to disable or uninstall the software to be safe.
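Review bot: the two lines "Users and organizations who use Teamviewer seperate from this infrastructure ... do not appear to be affected at this time." and "Users who are in use of the decentralized, traditional Teamviewer may wish to disable or uninstall the software to be safe." appear on the left side only and are absent from the latest revision rendered below, so the advisory no longer tells users of the non-centralized product whether they are in scope; keep a scoping sentence for them if that was not intended. The unchanged mitigation paragraph also still spells "separate" as "seperate".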
 
 
  
 
==References==
 
==References==

Latest revision as of 15:26, 2 June 2016

Disclaimer: as technology changes, advisories may become out of date or may no longer be relevant. Please refer to the "Date" section of the header to be sure the advisory is recent as it pertains to your situation.

Digibase Security Advisory - Teamviewer Compromise (Unconfirmed)

Keywords: teamviewer, remote administration, service compromise

DBSA ID: 2016-06021

Regarding: Teamviewer Compromise (Unconfirmed)

Writeup: Kradorex Xeron (talk) 01:33, 2 June 2016 (EDT)

Date: 2016 06 02

Last Modified: 20160602152641 by Kradorex Xeron

Who should take note: Teamviewer Users, Systems Administrators, Remote Support Personnel

Classification

Priority: HIGH

Rationale: Action must be taken immediately to isolate oneself from the incident.

Severity: HIGH

Rationale: Financial and user system security is at risk.

Spread of Issue: MULTI-PLATFORM HIGH

Rationale: Teamviewer is a popular software package deployed by numerous individuals, families and organizations to manage user systems remotely.

Description

Teamviewer is a remote system management package that lets system administrators, support personnel and helpers operate computer systems remotely, easing their management. Teamviewer also offers a centralized service, managed by the vendor's servers, through which users manage multiple systems from a single portal. On 1 June 2016 the Teamviewer central service infrastructure was observed to have been taken offline, followed by reports of customer PayPal accounts having their funds stolen and of systems running the software being compromised.

It is suspected that usernames, passwords, email addresses, customer financial details and system information have been compromised, despite what the vendor has indicated. Additionally, user systems may have been compromised, and activity performed on those systems may be known to attackers.

Mitigation/Solution

Users who are affected are advised to immediately disable and uninstall the software, to monitor their financial state, and to ask PayPal or any other financial institution connected to Teamviewer to require separate authorization for questionable transactions. Users are further advised to treat all emails they receive with suspicion and to log in to services only through known good links. Users who are unable to remove or disable the software are advised to forward this advisory to their System Administrator.

It is strongly advised to reset any passwords stored in browser "Save password" stores and to perform antimalware scans on systems where Teamviewer was installed.

Users are further advised to change all passwords as soon as they can connect to the service again, and to change them once more 2 weeks after that.
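For administrators who receive this advisory from users unable to disable the software themselves, the following is an added example (not part of the advisory or the vendor's tooling) for a Windows host: it inventories Teamviewer installs, services, processes and their open TCP connections for the incident record, and with -Disable stops the service and prevents it from restarting at boot. It assumes the service and process names begin with "TeamViewer", which should be verified against the local install.

```powershell
# Added example, not from the advisory. Run from an elevated PowerShell session.
# Assumption: Teamviewer's Windows service and process names start with "TeamViewer".
param(
    [switch]$Disable   # without -Disable the script only reports what it finds
)

$report = [ordered]@{}

# 1. Installed product, from the uninstall registry keys (32- and 64-bit views).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$report.Installed = Get-ItemProperty $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'TeamViewer*' } |
    Select-Object DisplayName, DisplayVersion, UninstallString

# 2. Services and running processes matching the assumed name prefix.
$services  = Get-Service -Name 'TeamViewer*' -ErrorAction SilentlyContinue
$processes = Get-Process -Name 'TeamViewer*' -ErrorAction SilentlyContinue
$report.Services  = $services  | Select-Object Name, Status, StartType
$report.Processes = $processes | Select-Object Name, Id, Path

# 3. TCP connections owned by those processes, kept for the incident record
#    since the advisory warns that activity on the host may be known to attackers.
$report.Connections = Get-NetTCPConnection -ErrorAction SilentlyContinue |
    Where-Object { $processes.Id -contains $_.OwningProcess } |
    Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, State

# Emit the inventory as JSON so it can be collected centrally.
$report | ConvertTo-Json -Depth 3

if ($Disable) {
    # Stop the service and set it to Disabled so it does not return at boot,
    # then end any remaining GUI processes. Uninstall is left to the vendor's
    # uninstaller ($report.Installed.UninstallString) so removal stays logged.
    foreach ($svc in $services) {
        Stop-Service -Name $svc.Name -Force -ErrorAction SilentlyContinue
        Set-Service  -Name $svc.Name -StartupType Disabled
        Write-Output "Disabled service $($svc.Name)"
    }
    Get-Process -Name 'TeamViewer*' -ErrorAction SilentlyContinue |
        Stop-Process -Force -ErrorAction SilentlyContinue
}
```

Run it once without -Disable to confirm the inventory matches the host before applying the change; the password resets and antimalware scan advised above still have to be done separately.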

References