Highlighted
Posted by
Henagon

"Disable remote input and show black screen" can be circumvented easily

  1. Enabled the "Disable remote input and show black screen" option for PC1
  2. From PC2, opened a TeamViewer session to PC1
  3. Screen on PC1 turned black and PC accepted no local input, mouse, etc.
    All seemed well.
  4. Pressed Ctrl-Alt-Del locally on PC1
  5. Black screen disappeared and the options menu (Lock, Switch User, Signout, ...) appeared.
  6. Clicked Cancel or pressed ESC on PC1
  7. Was returned to full local desktop access on PC1!

So even with the "Disable remote input and show black screen" option set, it is trivially possible for an attacker to gain local access to the desktop of the remote PC1. And if the attacker is quick enough, he could swiftly shut down the Teamviewer session and thus disconnect the legitimate user on PC2.

Hardware & OS
ATI Radeon HD 2600 XT
AMD Driver Version 8.970.100.9001
Intel Core i7-2600K
Windows 10 Enterprise 2016 LTSB, Version 1607