Are TeamViewer Credentials at risk?

Chiron

The recent announcement of KRACK Attacks compromising WPA2, I have been asked about TeamViewer passwords being visible when creating a new session. I think everything is encrypted, but I haven't tested with Wireshark to verify.

Does anyone know for sure?

Esther

Hi @Chiron

Thank you for bringing this topic up.

First of all: TeamViewer is secured, regardless of the network setup on the end-user side.

As you may have read elsewhere, securely encrypted network protocols such as HTTPS and VPN are not weakened by the WPA2 vulnerability.  TeamViewer communications is similarly encrypted and not directly exposed by this risk.

Having said that, all entries in the computers and contacts list are encrypted.

For authentication we use SRP (https://en.wikipedia.org/wiki/Secure_Remote_Password_protocol). This means no password or password equivalent data is send over the network during authentication.

Therefore, the WPA2 issue does not impact TeamViewer (i.e as a software or as a company) nor is it relevant to our product.

I hope this answer is helpful.

All the best, Esther