Reassignment of unique IDs

Hi all,

TeamViewer is constantly working on the best security and service for our customers.

In order to deliver on this pledge, TeamViewer’s team and leading security researchers perform regular threat prevention analysis to identify inconsistent or suspicious behaviour within and beyond our network.

As a result of our continuous prevention analysis, we detected patterns of connection attempts that seem to be at odds with normal TeamViewer usage. As this observation was limited to a small subgroup of endpoints, TeamViewer decided to invalidate and automatically re-assign all TeamViewer IDs within this subgroup.

The precautionary measure has successfully been rolled out to full effect. For a short period of time, some users may experience service degradation, which will be resolved as soon as possible.

Best,
Esther

Find more posts tagged with

Security

Comments

Silver_2000

Like many licensed customers that pay WELL for the software, many of my connections were renumbered by Teamviewer after a breach of some kind on their end. So now when I look at my reports I see Unnamed devices.

Its exceedingly difficult to BILL unnamed devices ... This is a HUGE fail for teamviewer.

Ive submitted a support request, im curious what suggestions they will have

zelezni

Hi,

I have a need to learn all the new IDs of our client computers. The only way I'm aware of is to check them in Computers & Contacts list (fortunately we have all our clients in the list). Is there another way to get these new numbers. An export or something?

Thanks,
zelezni

KZevchik

This has happened to me as well, many of the remote systems are completely remote, there is no person there to tender to it or even monitors hooked up to the PCs. These systems are specific to a particular need or use and not utilized as a standard PC, which is why we used TV for remote access. When these IDs change there is no way to find the new ID except to drive/fly to the location, hook up peripherals and monitor, disable the utility software and check TV. This will cost thousands $$$! Called TV USA and spoke to the most smug POS technical support agent (I use the last 3 words very loosely), he offered no assistance, no apology, no support, then tried to feed me the line "Teamviewer sent out a notification that this was going to happen prior executing the security patch". **bleep**! I guess now I get to look for a new remote support system with better stability and customer service.

worldwidewebdev

I'd like to know what metrics are these which indicate unsuccesful attempts anyway, I dont see unsuccesful attempts logged on my system? I can see unsuccesfull attempts on RDP, its reported, but not TV. They keep this away from us i guess. As far as i recall the more you attempt to get in incorrectly on Teamviewer the more time you have to wait between attempts. If a hacker was curious enough and attempted many times he may have to wait a millenium before getting another chance, brut force cannot work, yet they changed the locks for us and that leaves the hackers with only one task , to find the doors and try their keys once again, they are back at the begining, yet we are **bleep**. It doesnt make sense.. Block IP's, set time locks, but this knee jerk solution must have seemed easy for someone at TV. Gees i wish this forum had spell check!

The word **bleep** j-e-r-k as in Knee je r k gets Bleeped in this forum,, well there you have it, if they cant handle a je r k, how in **bleep** they gonna handle a company.

TrickyKitty

As a result of our continuous prevention analysis, we detected patterns of connection attempts that seem to be at odds with normal TeamViewer usage. As this observation was limited to a small subgroup of endpoints, TeamViewer decided to invalidate and automatically re-assign all TeamViewer IDs within this subgroup.

My interpretation of this explanation is that, rather than take the time to hunt down the hackers that are attempting to break into the computer homes of unsuspecting users, TeamViewer has instead decided to change the metaphorical locks on all the doors without telling the owners or anyone else that has a spare key and leaving them to figure it out all for themselves.

That'll show those pesky thieves! Way to victim blame!

I really wonder how this decision is going to keep said hackers from continuing exactly as they have been all along, randomly trying out new IDs and attempting connections?

Also, I can only assume that by changing a "small" subgroup of IDs without notice TeamViewer's metrics for measuring connection attempts just got skewed by the actual, legitimate users now having numerous failed connection attempts, rather than the previous [users with successful connection attempts + hackers with failed connection attempts] metrics that led us into this situation in the first place.

1Sherman

TV reassigned unique ID's with out warning... fine, my Computer Names / Contacts remained sync'd with the unique ID that TV assigned and I was able to connect... BUT... to do the Report after the reassignment - I have a bunch of 'unknowns' because they are the OLD ID's

Needless to say, how does one do the accounting of time when they're all 'unknown'

Call tech support - out of their hands.

Teamviewer - thanks for keeping me secure, but next time, warn us so we can make a report and be able to properly account for time/computer.

I guess we will just have to eat the time allocated to 'unknown'

worldwidewebdev

An update on how it has been resolved, "Not through Team Viewer Support" They haven't even replied to my support email as yet.

Options that were open to me in light of this situation:-

1) Visit sites physically, and reinstate team viewer whitelists, noting all current Id's at the same time.

2) get someone else to visit or a tech onsite (in data centres) to do the same.

An email alert from avast anti virus on one of our machines reminded me and sprouted an idea, it became fruitfull!

# The actual solution which was not aparent at the time and i had actually forgotten about this alternative.

We run Avast Business anti virus (formerly AVG Cloudcare) on most machines. Avast (AVG) has a free Premium Remote control as part of the package. I had totally forgotten about this as we use teamviewer for remote without question.

I have logged into the Avast Portal, connected with with the remote app similar to TeamViewer and reconfigured the Teamviewer whitelist. Problem solved. I'm In! 1 Machine done, 455 to go. Avast has a user agent within the machines and comunicates with the portal at all times, if Premium remote is not enabled on the portal to a certain machine it is just a click away to deploy from within the portal itself. Avast does not keep an id listing for each machine the administrator must click on connect from the one machines portal and it opens a new connection app and connection to the machine itself therefore allevieating the issue Team Viewer has caused with the "ID's" changing.

Luckily some of the other machines missing due to Team Viewer Id changes are listed and online with Avast, therefore i can deploy remote connections by adding the service within the portal to these machines, connect and determine their TeamViewer Ids and reconfigure whitelists. HooRay!

Hopefully someone else can have success with this type of option, maybe other antivirus approches can offer ways of ascertaining machine IP, remote access and offer a means to rectify this mess.

BeuningenIT

Until today we never knew what was going on, until a customer called to get some remote support. The machine was however down in our list, customer said it was up and running, that's weird.

After a while we found out that the ID was changed. A quick Google search led us to this topic. Funny thing is, TeamViewer NEVER told us that something happened. We just called their support and all the guy said to us was "we've had a server crash and unfortunately we can't fix this for you".

Is TeamViewer going to pay the hours that we're going to spend on fixing this issue? Don't think so. All in all, this is a horrible situation and unacceptable.

OJ-CTS

Not good! This will cost us thousands of euros. We have several 100 customers in our computer contact list. We have lost connection to many of them because the ID has changed. Our Technisians risk to drive many km to service our customer. Many pc's is unmanned and we can't tell the reason why we lost connection.

We have been loyal customers for many years. Always paying the never ending upgrades with no real changes (2x5 licenses) - and now the monthly fees.

I hope you will fix this issue and update our list with the correct ID now or we will look after another solution. Great product but the company behind is amateurish.

Filip / O&J CTS.

SabrinaReich

to put it in perspective? We still face problems accessing some machine, have to use **Third Party Product** to access - we are talking here about a professional - not cheap program - now monthly service on which people rely... the reputation and trust is vanishing. How to explain to clients - oh we have to use another remote access software and we have to do the settings again etc... noone will pay this - we as clients of teamviewer rely on the service and a simple sorry or a supporter on the phone does not do it. How can it be that the management console is not able to export a list of id's? In the mentioned post of 'putting it into perspective' you talk about M... software suite... there I can make backups of the installation, save everything - if an update kills something I just can go back... but with teamviewer I don't have a backup function. The comparison is not really valid, anyway why compare to 'worse' scenarios, that doesn not make the situation better. Fact is that a lot of professionals have lost lots of time and money due to this incident and most of us will offer our clients something for the hassle respectively not charge for the surplus hours involved. What is teamviewer offering us for the loss? I don't see any official statement for what really happened and what is still going on and I have a lot of colleagues facing still the same problem that some machines are suddenly not available. I repeat myself, but this is just not acceptable.

mLipok

@KKarl wrote:
,,,,,,,Other companies change their product continuously without asking, removing features, dumbing down their products. TV has not removed any capability that I can recall, and takes backwards compatibility seriously (I use v6 on some systems!).

For me using such old product is quite big security issue, especially when you look in GDPR !

mLipok

I have old connections reports saved to CSV and then exported to our CRM.
I had to write AutoIt Script to compare this CSV and ADD this old ID with "Old names"

drakorg

"A decision made by someone who should not have decision making ability" pretty much sums it up.

worldwidewebdev

Ok, this is my situation and as i cannot solve it myself i will place it here.

1) Team viewer was decided upon as the weapon of choice and installed on 466 machines , servers and workstations.

2) Whitelists were created to allow only teamviewer ID's authorised for access

3) Managers and support persons "ID's" were whitelisted for access to authorised machines.

4) RDP to servers was disabled as it posed a security threat by leaving port 3386 open, TV was thought as a better option due to "ID" whitelisting. Workstations did not have RDP enabled regardless.

5) Somehow TV in all their wisdom changed ID's due to the "Atodds" reasoning.

6) Number 4 seems to have been a terrible mistake

7) Number one was obvioulsy the most terrible mistake.

8) We now have an inability to loacate most of the 466 machines with old ID's and cannot identify most at all because we dont have access anyways.

9) Servers are identifiable via public IP but have limited "IF" any known way of access because we use "TEAM VIEWER" for access and that has been taken away merely by an "At Odds" reason and decision by someone who should not have decision making ability.

10) SSH isnt working, never was used on these machines and the most important one is in a DATA centre in Melbourne

So that is the situation and Team Viewer support, albeit nice and helpful cannot help me get back in. My options are to fly back to Australia and visit every physical machine "OR" send someone in Australia out to do the same.

Great! Team Viewer you just made my week. I pay you for a service, now i have to pay to someone to get the service back up and running because of an "At Odds" decision by you guys.

Yes this may seem like a RANT, but think about it and give me an option other than the two stated above, ill be happy to take it onboard because at the moment i am stuffed! With no where to go, except to Australia. And yes this is serious. Not a made up story, fact and i am furious!

Yet im supposed to keep calm and sip coffee. Can someone help me get into a Server 2012 without RDP and a Team Viewer system that doesnt work???

The best option for me would be to get my old TV Id back on my Mac, connect remove the whitelist, let anyone in and all is good. But how do i get back an ID? Well TV says NO. Great, close shop because of TeamViewers security ideas.

plwc

To the people who said that they are satisfied that teamviewer have said it's unlikely to ever happen again, well it already did.

Yesterday I had several more endpoints suddenly change their id making them unreachable.

This isn't just a once off **bleep** up. They have stuffed things up over and over and have no friggen clue how to manage changes and how things should work.

Last year it was randomly opening up the clients microphone whenever I connected and it did this without any notification.

Then they released an update to the web console which broke several key features making it useless for a couple of days.

As an administrator for our corporate licnese, I have buggger all oversight of what computers other techs when they don't put it in to one of the groups I created or share their groups to me. Instead I have to contact them all regularly and remind them to move everything in to appropriate groups. This is so **bleep** labour intensive. The license is paid for by the company and the administrators should have full oversight.

Even now there are still issues. Our polices prevent users from uninstalling the products and since they have now dropped off and no longer recieve policies, I've had to start traveling out to individual sites, get the customer to stop work, log in as local admin, unisntall and re-install and reassign.

I'm just really glad the endpoints I have in China didn't drop off!

Anyway, afer travelling out to the first site to do the first re-installation today, I found that it didn't show up in my list as expected. After several hours of screwing around trying to figure out why not I happened to find it in the "unknown" list of a different teamviewer account to the one I assigned it with!

Teamviewer has reasonable pricing and better features than some of the others but what's the point when the features randomly don't work?

worldwidewebdev

@Esther Guess your seeing a lot less abnormal usage rates now as no one can conect to their machines. I am half way around the world with 466 machines on my account and blacklisted due to this change and an original whitelist created with ID numbers not email accounts on the remote computers. (Thanks for letting us know that we should all use email accounts for the whitelists by the way). I also am constantly working on better ways to manage my clients security and in turn TeamViewer has now dropped down to the bottom of the list for secure, reliable remote connections due to TeamViewers policy of delivering its pledge of best security and service to its customers. Obviously if its customers use teamviewer at "odds" with teamviewers normal usage, teamviewer will with all of its wisdom change all TeamViewer ID's that are at "odds" untill usage rates are reduced within "odds" of normal usage.?? Whatever an "odds" measurement means in this case. So, i also guess teamviewers customers retention will drop within "odds" of smaller companies. I am going back to ssh and command line remote management. TeamViewer reliability is no longer apparent and the TeamViewer gloss is no longer required. Thanks for securing my TeamViewer ID account so that i may be free from hackers and at "od" connections. If the ID's are not returned its likely a flight accross the world is in order unless one of those hackers can get into the systems so that i may whitelist myself once again! Any takers?Seriously? im at the end of the line!

KKarl

I think it is worthwhile putting things into perspective here. Yes, this was a dangerous and annoying mistake, but TV have been responsive, both on the forum, and on the phone. They indicate to me that they are very unlikely to take this sort of action again in the future, or at least not in the same way without announcing to customers.

Compare this to many other major software companies (no names mentioned, but a large one starting with M comes to mind):

Other companies don't communicate, so you cannot even determine if they did anything (whereas TV readily confessed)

Other companies make it virtually impossible for you to phone them for support, and when you do get in touch, you talk to a low level support person who tells you to reinstall your operating system. With TV, you can phone supports and speak to a knowledgable tech.

Other companies change their product continuously without asking, removing features, dumbing down their products. TV has not removed any capability that I can recall, and takes backwards compatibility seriously (I use v6 on some systems!).

sopmitsupport

At this point, I would think that they could have offered their customers something. Free version upgrades, additional connections, service queue access, etc... things that could help people resolve the issue faster and cheaper.

I don't forsee giving them any more money.

Amateur

In response to KKarl:

Well, TeamViewer Support (whith whom I had opened a ticket) *did* come back to me - but only to tell me that the ID had changed on purpose. This is of course not good enough.

I also received private messages from Esther. But their content is vague.

I have asked TamViewer GmbH - both in my support ticket and on this Forum - to come with an official statement that TV IDs will never change again. Such a statement remains to be seen.

In this somewhat frustrating situation I could not resist temptation and contacted c't. Let us see if they write about it. (for non-Germans: "c't" is the most important computer magazine in germany).

P.S. Esther, you need not translate your messages into Danish, I speak both English and German quite fluently. Fortsat god sommer :-)

SabrinaReich

It is absolutely inaceptabel what TeamViewer did. The last weeks we had so much trouble because of that. So many unasigned ID's, it took hours to reasign back, but all notes, password etc are gone. Not to talk to a lot of we have to reasign completely as many said here before no one will pay for that and trust of clients is lost! No official statement. We pay enough for professional service that at least there should be a solution, a backup list at least. Did anyone get any official feedback from teamviewer?

KKarl

Hi Amateur. I sense you are a fellow engineer who is constantly dismayed by "upgrades" that destroy good products and turn them into "cool" looking heaps of garbage. To see this Microsoft type behaviour at TV is very disappointing.

UPDATE: OK, TeamViewer have redeemed themselves. Their support team responded, both on the forum, and on the phone, in a very timely fashion. I get the impression they will never do this again. I have edited my original version of this comment, as it was overly negative. TeamViewer remains an excellent product, and this is really the first incident I've experienced within 2 years. The issue is not a new "feature" of TV13, it was a specific intervention by TV engineers this one time that caused the problem. They may do it again in the future, but unlikely they will go about it the same way. The remainder of my comment remains below ...

POSSIBLY OF USE: My IDs changed when I logged in from a different (free) TV account. I have a personal TV account, with all my family and friends systems. And I have a company TV account, with 100+ remote systems around the world. I access my personal systems from both. This never caused a problem in the past, but I believe it is what triggered the ID change.

I will be complaining to TV about this. IDs must NEVER change, ever, without me initiating it, and knowing what the new ID will be. Otherwise how do we get to the remote system! That is the entire point of TV.

KKarl

THIS IS VERY WORRYING. We recently switched to TeamViewer, and this week I was unable to access two machines, because the TeamViewer ID magically changed. TEAMVIEWER IDS SHOULD NEVER CHANGE UNLESS I APPROVE THE CHANGE. WE CANNOT DRIVE TO THE OTHER SIDE OF THE WORLD TO REACH OUR CLIENT SYSTEMS.

Can TeamViewer staff PLEASE provide an assurance that my remote TeamViewer IDs will NEVER CHANGE AGAIN?

If not, we will have to move to an alternate product.

marcomrg

can this reassignment change the mac adress of a groups of computers automatic

@Esther wrote:
Hi all,

TeamViewer is constantly working on the best security and service for our customers.
In order to deliver on this pledge, TeamViewer’s team and leading security researchers perform regular threat prevention analysis to identify inconsistent or suspicious behaviour within and beyond our network.
As a result of our continuous prevention analysis, we detected patterns of connection attempts that seem to be at odds with normal TeamViewer usage. As this observation was limited to a small subgroup of endpoints, TeamViewer decided to invalidate and automatically re-assign all TeamViewer IDs within this subgroup.
The precautionary measure has successfully been rolled out to full effect. For a short period of time, some users may experience service degradation, which will be resolved as soon as possible.

,

chipper110

OK, besides all the issues with trying to get the new ID's remotely, what about backups? I had 3 servers using your backup service and since the ID change I cannot access backed up files. I cannot change the ID in your management console. If add the new ID will the previosly backed up files be accessible? Or are the files lost? What a mess!!!

Amateur

So, let me summarize.

TeamViewer decides that security is at risk.

TeamViewer decides to change ID's, causing all those users using TeamViewer for professional purposes GREAT trouble and commercial damage.

First, I fail to see proof for the claimed detected issue.

Second, it is a No-Go to change the ID. It causes more harm than good. Changing the ID forces me to have a second means of remote login (or be willing to drive). Why should I spend money on an unreliable solution? It would be perfect if I received a notification á la "We have detected this and that", possibly combined with other actions. I believe TeamViewer GmbH will be able to find a good solution. But DO NOT change the ID (and how would a changed ID be more secure anyway?)

Third, I would really like to see an official statement how TeamViewer GmbH will respect the needs and expectations of their professional customers going forth.

Torsten

mosesmac

Good question...

simtech

Will the old IDs return or are they permanetly changed? How can I update my connection list without looking on every remote PC for the new ID?

Many thanks

SIMON

JFNorton

Dear Esther, Thank you::

BC_IT_Guy

Which apparently now has made a LOT of Unnamed connections in my connection reports. The problem with that is, now I have NO IDEA WHO to bill for those connections!!! Am using TV 8 for some time with no problems.... BUT does this mean I have to leave thousands of $$ of lost revenue in cyberspace??? Not good TV, not good...

SamMerlio

Following the issues Teamviewer has earlier this week, I have found one of my clients impossible to connect to. All of their computers are blue-lit in my list of contacts, and after conversations with the clients themselves they have the app running with the same original ID number (some changed due to TV security) However I get a connection not established messsage whenever i try to connect. I have got them to restart the Teamviewer service, restart their PC's, re-install Teamviewer, all to no avail. Since the outage i have managed to re-establish contact with all but this client. Can anyone help?