Anyone working on latest TV Hack?

2»

Comments

  • So, if anyone is tired of waiting for an official answer...why not just set up two computers on the same subnet with an older version running on one of them, and try the exploit and see whether it works or not, then report your findings to everyone?

    "But you might..." - Captain Smek
  • Well yeah, but I can't imagine why TeamViewer doesn't do just this. It does not seem like an unreasonable expectation.

  • It does seem reasonable. I would say it's likely that a step like that would go against some of their internal procedures (possibly), and also they could be looking directly at source code to see any problems (not a bad idea, but slower). 

    Or the other possibility is that they're more worried about about 11+, and previous versions aren't a priority to them. I don't like that possibility as much, but it's a reality that this could be the case. 

    "But you might..." - Captain Smek
  • Esther
    Esther Posts: 4,051 Staff member 🤠

    Hi there,

    I would like to give you a heads-up on the process at TeamViewer in regard to this matter.

    I apologize that it took a few days to post this update, but please rest assured we take this matter extremely serious and continue to review it.

    Let me provide you with a Q & A about the matter. Please excuse that I am repeating some parts of what I posted earlier, but I think it is good to have a complete overview:

     

    What is the permission hook exploit?

    The permission hook exploit is a vulnerability that pertains to TeamViewer’s Windows, macOS and Linux versions and concerns TeamViewer’s set of permissions. In two different scenarios, attackers could either gain control of the victim’s mouse or switch sides to gain control of the system. However, a cybercriminal cannot randomly attack any TeamViewer installation as the exploit requires a running session.

     

    What is the guidance TeamViewer can provide to address the permission hook exploit?

    Remote support sessions should only be conducted with trustworthy parties. Even the permission hook exploit cannot be applied without a typical social engineering scheme.

    Remember big organizations do not cold call you to inform you about a potential flaw of your device. If you receive a call like that, just hang up! If you are concerned about your machine, take the initiative and have a trustworthy party look at it.

    For the use within organizations, it will be helpful to remind employees that remote sessions should only be held with trustworthy parties.

    In addition, users should always update their software and only download TeamViewer through the official channels.

     

    What is the impact of the permission hook exploit?

    The impact of this exploit is limited. Cybercriminals cannot just randomly attack any given TeamViewer installation. The exploit can only be applied after a legitimate TeamViewer session has been established. So even if a TeamViewer version is susceptible to this potential threat, it only becomes an issue if users join in sessions with a rogue participant. Additionally, every TeamViewer user has the ability to end the session at any time to terminate the attack.

     

    How did TeamViewer find out about the exploit?

    The Proof of Concept (PoC) was first published by an external security researcher on GitHub. TeamViewer discovered the PoC in a monitoring routine that is continuously run to identify potential threats.

     

    What is a typical use case for the permission hook exploit?

    The exploit could be administered in a typical tech scam, and hinges on social engineering. Scammers very often have their victims connect to their – i.e. the scammer’s – computer first. From there they coax them into confirming a switch of sides so that the scammers can access the victim’s device.

    With the permission hook exploit, scammers can switch sides without having the victim confirm that first. Still the victim can end the session to terminate the attack.  But as has been pointed out before, there is no feasible approach to exploit this vulnerability without a social engineering scheme.

     

    How and when did TeamViewer respond to the discovery of the vulnerability?

    TeamViewer responded immediately to contain the threat. After TeamViewer learned about the issue on Monday, December 4, 2017, hotfixes for Windows were provided on Tuesday, December 5, 2017. macOS updates were released on Wednesday, December 6, 2017. Updates for Linux appeared on Thursday, December 7, and Friday, December 8, 2017.

    Updates are available for TeamViewer versions 11-13. The vulnerability also affects the QuickSupport and Host module. Patches have been provided accordingly.

     

    How can the TeamViewer software update be received?

    The reception of the available updates depends on the setting in the TeamViewer client. Users who have not enabled auto updates in the software will receive an in-product message that will ask them to update their client.

    Users with auto updates enabled will receive the update automatically.

    However, TeamViewer encourages all users to manually initiate the check for updates. Because even with the auto update enabled, delays may occur because of the frequency set for the update checks in the TeamViewer client.

     

    Why did the TeamViewer change logs not immediately reflect the vulnerability?

    This delay is due to organizational processes. We apologize for any inconvenience that may have caused.

    TeamViewer will provide proper change logs that will reflect the vulnerability adequately.

    The latest versions that include the hotfix – as of December 12, 2017 – are as follows:

    Windows:

    TeamViewer 13: 13.0.5640
    TeamViewer 12: 12.0.89970
    TeamViewer 11: 11.0.89975

    Mac:

    TeamViewer 13: 13.0.5640
    TeamViewer 12: 12.0.89970
    TeamViewer 11: 11.0.89975

    Linux:

    TeamViewer 13: 13.0.5693 (Host: 13.0.5641)
    TeamViewer 12: 12.0.90041 
    TeamViewer 11: 11.0.90154

     

    Is there an official statement available on the TeamViewer website?

    Yes, the statement about the issue can be read and downloaded at:

    https://www.teamviewer.com/en/company/press/teamviewer-releases-hotfix-for-permission-hook-vulnerability/

     

    Thank you for your patience and your understanding. In case of any further questions please feel free to post them in this thread and we will work on an answer.

    All the best, Esther

    Former Community Manager

  • That still doesn't really address the pre-11 versions. 

    "The impact of this exploit is limited. Cybercriminals cannot just randomly attack any given TeamViewer installation. The exploit can only be applied after a legitimate TeamViewer session has been established. "

    So, had this been known in 2016, it could have been far worse. (I'm referring to this instance: https://blog.teamviewer.com/recent-cyber-attacks/). In this instance, they were randomly attacking any given TeamViewer installation using weak passwords, probably from a huge list from previously hacked sources...so if people didn't take steps to secure their accounts with 2fa, etc., there's serious potential for another attack using the password reuse thing, then firing the exploit to switch screens.

    So we still need to address whether or not the older versions are affected. 

     

    "But you might..." - Captain Smek
  • CEBU
    CEBU Posts: 1

    Hello! We use Team Viewer ver.10.0. Does it version have this vulnerability?