Unauthorized Remote Access...from TeamViewer?

KyleKartan · April 2021

Good morning, I happened to be up early this morning and watched as my computer woke up and started logging in to my banking websites (saved browser passwords are a curse). As soon as I touched the mouse, the session disconnected (shocking). I haven't gotten any "authorize computer" emails that weren't mine. I have since changed my password and activated 2FA. I do not (and have not) have easy access on.

I looked in the TeamViewer logs and saw this at the correct time:

2021/04/21 05:43:33.961 4448 4944 S0 CommandHandlerRouting[4]::CreatePassiveSession(): incoming session via CA-MON-IBM-R006.teamviewer.com, protocol Tcp

2021/04/21 05:43:34.081 4448 4944 S0 CTcpConnectionBase[8]::ConnectEndpoint(): Connecting to endpoint 169.54.104.73:5938

That IP appears to be owned by Teamviewer.

2021-04-21.png

If this is actually legitimate Teamviewer usage, then there is NO reason to be opening my browser and accessing ANYTHING. If it isn't, that's another matter, but I'd like to think I've protected my Teamviewer account decently.

JoshP · April 2021

Hello @KyleKartan,

Thanks for your post.

In this case, I would recommend you email privacy@TeamViewer.com with more information regarding what occurred, including any log files from the device.

We can confirm that no one at TeamViewer accessed your device in such a manner.

If you have not already, we always recommend setting up Two-Factor Authentication on your account:

https://community.teamviewer.com/English/kb/articles/4711-what-is-two-factor-authentication-for-your-teamviewer-account

You can also set an allowlist so only specific users or IDs can connect to any of your devices:

https://community.teamviewer.com/English/kb/articles/29739-block-and-allowlist

You can find more about TeamViewer's security here:

https://www.teamviewer.com/en-us/trust-center/

Hope this helps clarify 🍀