In the last couple of days, some reports surfaced which linked some ransomware infections with TeamViewer. We strongly condemn any criminal activity, however, we can emphasize two aspects:
(1) Up to now, none of the reported cases is based on a TeamViewer security breach
(2) Some selected steps will help prevent potential abuse
Ad (1.): We looked thoroughly at the cases that were reported to us. According to our investigation, the underlying security issues cannot be attributed to TeamViewer. Thus far we have no evidence that would suggest any potential security breach of TeamViewer that attackers exploit. Furthermore, a man-in-the-middle attack can nearly be excluded because of TeamViewer’s deployed end-to-end encryption. Additionally, we have no reason to believe that a brute-force attack is the origin of the reported infections. TeamViewer exponentially increases the latency between connection attempts. It thus takes as many as 17 hours for 24 attempts. The latency is only reset after successfully entering the correct password. TeamViewer not only has a mechanism in place to protect its customers from attacks from one specific computer but also from multiple computers, known as botnet attacks, that are trying to access one particular TeamViewer-ID.
Apart from that, we would like to state, that none of the reports currently circulating hint at a structural deficit or a security glitch of TeamViewer.
Careless use is at the bottom of the cases we currently looked at. This particularly includes the use of the same password across multiple user accounts with various suppliers.
