Having problems with IoT Token renewal

contrasia · 2021-04-20T14:12:20+00:00

There was an error rendering this rich post.

Hi, I recently had my Teamviewer account compromised for a whole month without realising. During this time, an app was added to the teamviewer account, that granted them a lot of power and they used it to inject a RAT onto my mobile granting them full access to.... well everything. They appeared to of used the IoT section of the account to achieve this.

I've renewed the API key, but I'd like to renew the Assignment token in order to ensure all the IoT devices cease communicating with the App (Which now operates outside of the Teamviewer service using the same Token). However whenever I click on Renew, it just infinitely circles on the button and thinks, but never actually renews the Token. I don't understand most of this stuff, so am I doing anything wrong? Is there another way to renew the Token? Does the Token do what I think it does (Links it to a valid session on the App or Teamviewer service)?

And what should I do? (Already changed the password, added 2FA, and my email password too, but I still have a lot more passwords to change). Is there a central authority in the UK I should report it to for investigation? (Though I've removed everything from the account, so I'm not sure what they'd be able to do beyond the screenshots and pictures i've taken of it).

Find more posts tagged with

Hacked

API token permissions

Accepted answers

mircea_c

Hi @contrasia

The token is getting created when you are doing the login on the Teamviewer IoT Management Console.

On the other account you do not have it because you did not login there.

The token is used to sync services beetween the IoT Platform and Teamviewer Platform, it is for internal usage.

Regards,

Mircea

All comments

mircea_c

Hi @contrasia

This App "IoTCloud_Live_Current" is legit and is created for every Teamviewer Account.

So you no need to worry.

I am very happy that we could help you,

Regards,

Mircea

mircea_c

Hi @contrasia

The token is getting created when you are doing the login on the Teamviewer IoT Management Console.

On the other account you do not have it because you did not login there.

The token is used to sync services beetween the IoT Platform and Teamviewer Platform, it is for internal usage.

Regards,

Mircea

mircea_c

Hello @contrasia ,

The Teamviewer IoT Platform is using the same account(login credentials) that you are using for you normal Teamviewer solution. So, if you have changed the password, it will get automatically renewed also for this. Also activating the 2FA was the proper solution.

From you message, I got that you have checked the “Apps” menu. Here, for our apps/platforms to communicate with each other, apps are getting created automatically. Can you please share/write what apps are appearing there for a checkup? Also, if the attacker had access to your account, he had the possibility to create manually apps.

I have renewed my Assignment token and is working. Could be a browser issue with the cache/temp/cookies files and I suggest clearing them and try again.

The Assignment token is used to add the devices to your account.

Regarding the security for your account, in addition with what you already did please visit our “Security Handbook” section also.

Regards,

Mircea

contrasia

I have a screenshot, but it says at the bottom to never share the info with anyone you don't trust, if you think it's safe to share I can post the screenshot of all it's permissions, as it has two added Hidden permissions applied, one of which in theory should allow the app to bypass 2FA.

For now I'll just post the name of it in the hopes it's a generated one you recognise. Let me know if you want the full screenshot.

The title is: IoTCloud_Live_Current

Description: created on 17-03-21 Added permissions for Analytics Cube.

This app keeps reappearing on the account every so often. I've revoked it multiple times, and take in mind that I neither know how to nor never use the IoT section, so If it's generated by the IoT bit, I have no idea why or how it's doing it without me interacting with it. The last thing I did was change the API key and token, and removed the default groups, channels, and notifications that were there.

edit: Btw I want to thankyou for replying, I really really appreciate any help or insight you're able to offer in the matter. I'll read the Security Handbook you linked and do any additional steps it mentions that I haven't done.

contrasia

Do you know what triggers the creation of this template? I have another teamviewer account that doesn't have it and it's a bit worrying that one account is creating it often, whilst the other is completely free of it without any problems.

I am a lot more relieved to hear that it's a template of sorts, but I still need to confirm that nothings going on. Is there a part of the Teamviewer service you need to access or use to make it appear? Also what does it do? The permissions seem a little overkill for something that's created automatically. The name suggests it keeps track of your IoT devices, but I've never connected any devices apart from my computer, and I've never used the IoT section (Until this appeared, and only then to remove/refresh codes as caution).

Is it made when establishing a connection for the first time, and does that happen when you establish a connection to a computer (A standard remote session), or is it more specifically for IoT as the name suggests (Which again, I've never added my IoT devices to or made a connection with them to the Teamviewer service (including my phone, which I've never installed Teamviewer onto)).

Really sorry about this, I'm just trying to understand what's going on (Quite anxious). I am so so happy that you're helping me, and it makes me feel so much better to hear back from you ^_^;

contrasia

Drat. So since I had never accessed the IoT management console until after I'd noticed it, that'd suggest someone had access and used or if not at least accessed the IoT management console on my teamviewer account.

That or I accessed it and forgot about it, then saw it months later (A possibly more likely probability).

Thanks again for all your support in the matter. I really appreciate all your input and help in providing the explanations and relief I very much needed.