DBSA:2016-06021
Disclaimer: As technology changes, advisories may become out of date or may no longer be relevant. Please refer to the "Date" section of the header to be sure the advisory is recent as it pertains to your situation.
Digibase Security Advisory - Teamviewer Compromise (Unconfirmed)
Keywords: teamviewer, remote administration, service compromise
DBSA ID: 2016-06021
Regarding: Teamviewer Compromise (Unconfirmed)
Writeup: Kradorex Xeron (talk) 01:33, 2 June 2016 (EDT)
Date: 2016 06 02
Last Modified: 20160602012148 by Kradorex Xeron
Who should take note: Teamviewer Users, Systems Administrators, Remote Support Personnel
Classification
Priority: HIGH
Rationale: Action must be taken immediately to isolate oneself from the incident.
Severity: HIGH
Rationale: Financial and user system security is at risk.
Spread of Issue: MULTI-PLATFORM HIGH
Rationale: Teamviewer is a popular software package deployed by numerous individuals, families and organizations to manage user systems remotely.
Description
Teamviewer is a software package for remote system management that enables system administrators, support personnel and helpers to remotely operate computer systems in order to ease their management. Teamviewer also offers a centralized service, managed by the vendor's servers, that enables users to manage multiple systems through a central portal. On 1 June 2016, it was detected that the Teamviewer central service infrastructure was taken offline, followed by reports of customers' PayPal accounts having their funds stolen and other reports of systems running the software being compromised.
It is suspected that usernames, passwords, email addresses, customer financial details and system information have been compromised, despite the vendor's indication to the contrary.
Users and organizations who use Teamviewer separately from this infrastructure and are not signed up with the vendor's centralized service do not appear to be affected at this time.
Mitigation/Solution
Users who are affected are advised to immediately disable and uninstall the software, to monitor their financial state, and to advise PayPal or any other financial institution connected to Teamviewer to require separate authorization for questionable transactions. Users are further advised to treat all emails they receive with suspicion and to log in to services only through known good links. Users who are unable to remove or disable the software are advised to forward this advisory to their System Administrator.
Users are further advised, as soon as they can connect to the service, to change all passwords immediately, and then again 2 weeks after.
Users of the decentralized, traditional Teamviewer may wish to disable or uninstall the software to be safe.