4

As seen in the news (June 2016):
There have been hacking activities through TeamViewer.

Currently it seems this was mainly because of careless end users.
For example:

  • I have an account at LinkedIn with username "[email protected]" and password "Banana53"
  • And I use the same username and password at TeamViewer
  • Now by some leak, hackers get access to cleartext contents of my LinkedIn account
  • So they try to use the same username and password for different services - refer https://haveibeenpwned.com/

In response the TeamViewer corporation:

So far, so good.
But I'm having difficulties in understanding the exact security configuration of TeamViewer.

--

For family and friends I'm doing a lot of "remote administration" (unattended access) and "remote support".
so on the target machines I have installed either TeamViewer Host 10.x or the full version - and linked it to my TeamViewer account.

I have set a "personal password (for unattended access)".
and I have not enabled the checkbox to grant my account "easy access".
screenshot from TeamViewer Host 10.0.47484:

enter image description here

Problem description:

  • On my local machine I open TeamViewer and log into my account.
  • When establishing a connection to any of my remote machines I never get asked to enter any password.

So whenever somebody hacks into my TV account (due to whatever reasons), the hacker will automatically get access to all machines that are linked to my TV account.
The "password" feature seems to be broken?

How do you make sure that it's mandatory to enter some TeamViewer password as configured for the remote machine?

Improve this question
2
  • This only buys you time, so you'll still want to monitor the connection logs if you want to be certain; unless you can get TeamViewer to ask for a password on a secure desktop, they're only a keylogger further away.
    – Tamara Wijsman
    Commented Jun 5, 2016 at 18:52
  • TeamViewer is claiming that it's simply password reuse but why such a flood now? And why the reports of DNS shenanigans?
    – Loren Pechtel
    Commented Jun 6, 2016 at 2:11

2 Answers 2

Reset to default
1

the answer to the initial question:

for some strange reasons teamviewer automatically sets and stores the password for the remote machine in the TV account that it's linked with.

to clear it:
in your TV account open the properties of the remote machine and clear the password field. from now on it will ask you to enter the password when connecting.

enter image description here

Improve this answer
0

Use 2 factor authentication

Don't reuse passwords on other accounts EVER!!!

Set TeamViewer to ask for a password every time you log in

Setup TeamViewer to require an ID and password to be entered whenever you connect up to a remote relative's computer. It ensures they are there and they want you to access their system.

Too many people have given up security for convenience.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .