After the dust settles, sometimes we realize it was a firework, not a bunker-buster. Such may be the case with the latest much-publicized security concerns, initially unearthed by @blurbdust, an ‘anonymous’ security researcher (more on that at the end).
TeamViewer GmbH, founded in 2005, has come under scrutiny by its audience in recent years due to security breaches that many feel could have been avoided with infosec best-practice basics.
The software is a high-value target: it is handed remote control of thousands, if not millions, of computers throughout the world, owing to its prominence as one of the few truly multi-platform, KISS remote control tools used by hobbyists and system administrators alike.
Apart from unauthorized intrusions via cracking/hacking, TeamViewer’s software is often associated with tech-support-style scams out of India and the Philippines, a form of social engineering. In these scams, scammers convince their marks that they are with any number of household-name technology firms or government agencies, and extort money on the basis of things like security intrusion remediation or unwitting tax evasion.
In these extortion attempts, TeamViewer and other remote desktop tools are used nefariously to gain access to victims’ computers and personal information.
While those particular uses are no more a fault of TeamViewer than the USB standard is of keystroke-loggers, they certainly have not helped the company’s public perception amid other more legitimate scandals.
In June 2016, the company denied being hacked, despite many people reporting that, even with 2FA enabled, they witnessed their computers being hacked in progress and trojans being installed.
Not As Bad….
That said, this current threat may be less damaging than reported.
The problem entails poor secure-storage methods in the software that allow saved passwords to be easily recovered if the client computer is breached by other means.
Since this vulnerability depends on already compromised systems, the problem is less concerning – but also, not entirely without merit. Firefox had a similar bug revealed in 2018.
The largest attack potential lands on the businesses that use TeamViewer for remote support. If one of their technicians who used TeamViewer had their computer breached, the hacker could use the software to pivot onto customer networks and infect those.
TeamViewer has responded quickly with planned fixes.
How Did This Blow Up?
Shortly after the article was posted, it seems previous distrust of TeamViewer made for an easy path to confirmation bias, and the sensational terminology led the casual reader to assume the worst.
It appears that the author attempted to quickly distance himself from it, with his social media and name left nearly empty.
It is unclear when the writer decided to remove his social media accounts, but we were able to find him using the Wayback Machine on Archive.org.
Nicholas ‘Nic’ Losby’s Twitter handle is listed in the linked GitHub authors file for the website that posted the original article, and the article is tagged with that handle. The resume listed on his website, blurbdust.com, shows Nicholas as a current student majoring in Computer Engineering with a minor in Cybersecurity.
From the chain of events and a wiped Twitter feed, it appears that the article may originally have been an educational proof of concept that landed Nic unwanted media attention and criticism.
We’ve reached out to him for comment; he has chosen not to reply to our requests at this time.