TeamViewer = Dangerous

Thursday, June 2, 2016 @ 3:16 am

There have been reports that people running the remote desktop program TeamViewer on their computer(s) have had strangers accessing their accounts and sending themselves money via PayPal or buying things online. TeamViewer denies it was hacked. Meanwhile, the TeamViewer subreddit is exploding with threads about people getting hacked.

This post will walk you through how you can secure your computers.

There are three options:

  1. Temporarily uninstall TeamViewer from all your computers until they figure out the core issue
  2. Uninstall TeamViewer completely (and optionally explore alternatives)
  3. Stick with TeamViewer but harden its security.

If you want to do option #1, I recommend you uninstall TeamViewer and not just close it: it typically runs as a service in the background, so closing the window leaves it running and still reachable.
If you want to do option #2, Chrome Remote Desktop is free and offered by Google.
If you want to do option #3, continue reading.

Personally, I’ve completely uninstalled TeamViewer from all of my machines. I’ll check out alternatives if I really need to remotely access my computers in the future.

There are several reports of people having their computers taken over via TeamViewer even though they had a strong password and two-factor authentication enabled.

It’s not yet clear what the issue here is, weak passwords or a vulnerability/exploit with TeamViewer, but it’s not worth keeping TeamViewer on my computers (for now).

Preventing Random Access

The following steps take only minutes to do, but they will greatly increase your security: they turn off the short, randomly generated password for spontaneous access (which is easy to brute-force) and ensure that only your own TeamViewer account can connect to your devices.

You must perform the following steps on all devices that are running TeamViewer.

  1. Open TeamViewer
  2. Go to Extras => Options
  3. Click on Security in the left-hand menu
    TeamViewer Security Options
  4. Set your Personal password (for unattended access) to something secure
  6. Make sure “Grant _____ easy access” (the blank is your account name) is unticked
  6. Set Password Strength to Disabled (no random password)
  7. Set Windows logon to Not allowed
  8. Click on the Configure… button beside Black and whitelist
    Setting up whitelist rules
  9. Tick Allow access only for the following partners
  10. Click on the Add button
  11. Select your own account then click on Add, and then OK

Changing Your Password and Enabling Two-Factor Authentication

The above steps are useless if you have a weak password: the whitelist trusts your TeamViewer account, so anyone who takes over that account gets the access the whitelist was meant to block.

  1. Log into the TeamViewer website
  2. In the top-right corner, click on your username then click on Edit Profile
  3. Click on Change Password and set your password to something more secure: long, random, and not reused on any other site
    TeamViewer account settings
  4. Once you’ve changed your password, enable two-factor authentication. This is optional, but I highly recommend it. For two-factor authentication, you will need to install an app on your phone and scan a QR code that TeamViewer provides you.
    Click on Activate beside Two factor authentication.
  5. It will walk you through the process:
    1. Install a mobile app for your device (I recommend FreeOTP)
    2. Scan the QR code TeamViewer provides you with the mobile app you installed
    3. TeamViewer will ask you to enter a six-digit code from your mobile app (which changes every 30 seconds)
    4. Enter it, and two-factor authentication will be enabled for your TeamViewer account.
  6. From this point on, you will need your mobile device with you when you log into TeamViewer: after you enter your username/password, TeamViewer will ask for the 6-digit code the app generates
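For anyone curious what the app is actually doing with that QR code, here is an added example (not code from the original post or from TeamViewer). The QR code is a standard otpauth:// URI, which is why a generic app such as FreeOTP works, and the six-digit code is RFC 6238 TOTP: HMAC-SHA1 over a 30-second counter, truncated to six digits. The secret and timestamps below are the RFC 6238 test vectors and the otpauth URI is a constructed sample, not real credentials; the `verify` helper with its one-step clock-drift window is my assumption about how a server checks the code, not a description of TeamViewer's back end.

```python
"""TOTP as used by authenticator apps (RFC 4226 HOTP + RFC 6238 TOTP).
Added example; standard library only. Secret is the RFC 6238 test vector."""
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, unquote, urlparse


def decode_secret(b32_secret: str) -> bytes:
    """Decode the base32 secret from the QR code, re-adding padding apps usually drop."""
    s = b32_secret.strip().replace(" ", "").upper()
    s += "=" * (-len(s) % 8)
    return base64.b32decode(s)


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1(key, counter as 8-byte big-endian), dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(key: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with counter = floor(unix_time / step); new code every `step` seconds."""
    return hotp(key, at // step, digits)


def parse_otpauth(uri: str) -> dict:
    """Pull label, secret and parameters out of an otpauth://totp/... URI (what the QR encodes)."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not a TOTP otpauth URI")
    q = parse_qs(u.query)
    return {
        "label": unquote(u.path.lstrip("/")),
        "secret": decode_secret(q["secret"][0]),
        "digits": int(q.get("digits", ["6"])[0]),
        "period": int(q.get("period", ["30"])[0]),
    }


def verify(key: bytes, submitted: str, at: int, step: int = 30, skew: int = 1) -> bool:
    """Hypothetical server-side check: accept the current step and +/- `skew` neighbours
    to tolerate clock drift, and compare in constant time. A code older than that window
    is rejected, which is what limits replay of a code someone shoulder-surfed."""
    for k in range(-skew, skew + 1):
        expected = totp(key, at + k * step, step, len(submitted)).encode()
        if hmac.compare_digest(expected, submitted.encode()):
            return True
    return False


# Constructed sample URI. The secret is the RFC 6238 test key "12345678901234567890"
# in base32, exactly as an authenticator app would read it from a QR code.
SAMPLE_URI = ("otpauth://totp/TeamViewer:user%40example.com"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=TeamViewer")


if __name__ == "__main__":
    p = parse_otpauth(SAMPLE_URI)
    now = int(time.time())
    print(p["label"], totp(p["secret"], now, p["period"], p["digits"]),
          "valid for", p["period"] - now % p["period"], "more seconds")
```

The thing to take away is that everything depends on the secret in that QR code: anyone who photographs it or exports it from your phone can generate the same codes forever, so treat the QR code like a password and never keep a screenshot of it.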

Lock Your Computer

Get into the habit of locking your computer when you step away or are not using it. It’s as easy to do as pressing the Windows Key + L for PCs, and Control + Shift + Eject/Power for Macs.