TeamViewer has responded to the reports that their software is abused to install ransomware on computers. Yesterday we reported that users found ransomware on their computer and found in their logs that it was uploaded through TeamViewer. According to TeamViewer this is not due to a security issue with their software.
It's still unclear how cyber criminals gained access to TeamViewer but the company rules out brute-force and man-in-the-middle attacks. The company explains in statement, "a man-in-the-middle attack can nearly be excluded because of TeamViewer’s deployed end-to-end encryption. Additionally, we have no reason to believe that a brute-force attack is the origin of the reported infections. TeamViewer exponentially increases the latency between connection attempts. It thus takes as many as 17 hours for 24 attempts. The latency is only reset after successfully entering the correct password."
The company also stresses that it has protections in place against botnet attacks and that so far it has not found any evidence that, "hint at a structural deficit or a security glitch of TeamViewer". Instead the company thinks there is another cause.
"Careless use is at the bottom of the cases we currently looked at", TeamViewer writes in the statement.
The company believes that the computers are accessed with TeamViewer login data that has been obtained in hacks of other companies, "as TeamViewer is a widely spread software, many online criminals attempt to log on with the data of compromised accounts".
Therefore TeamViewer recommend users to make sure to only use unique and secure passwords, to enabled two-factor authentication and to download the software only through official TeamViewer channels.
