In late April searchSecurity.com.au mentioned a number of remote control applications which allow the remote control of Windows environments over the Internet. While some software allows for the identified and authenticated control of the Windows desktop (LogMeIn, WebEx), others allow for the anonymous remote control of a user desktop via a browser plugin which any user can install.
Several scams use this technology to trick home users into allowing the remote control of their Windows desktops, only to be infected with malware. Users are then asked to pay for software to remove the malware, or blackmailed into paying for an anti-virus subscription service.
TeamViewer, a provider of remote control software, responded to a number of questions about their remote control software, which allows for the anonymous remote control of a user's desktop, in a recent chat with searchSecurity.com.au.
searchSecurity (SS): TeamViewer provide two ways of connecting to remote desktops, an application which needs to be installed by the user and a ‘join a session’ browser based application from the TeamViewer website home page which doesn’t require any special installation; why did you choose two environments?
TeamViewer: The full version can be installed and offers the complete functionality of TeamViewer. The 'join a session' directs you to the QuickSupport which is the customer module of TeamViewer. This module doesn't require any installation or administrator rights and can be directly started. It only accepts incoming connections and is lacking some functionality (e.g. VPN). The QuickSupport is meant for the fast and spontaneous access of a remote PC on which you do not necessarily have an IT pro.
SS: Once remotely connected to a host computer using either the full version or the ‘join a session’ version of the TeamViewer software, the remote user can disable local input. This effectively removes all control of the host machine from the local user. The only way to then cancel the session is for the host machine user to turn off their PC. What is the thinking behind this functionality and considering the possibility of abuse by scammers, why aren't these options either disabled by default or not available on the 'join a session' version of the application?
TeamViewer: Disable remote input and the additional option 'show black screen' are options for home office users. If you work on your PC in the office from home you want to assure that nobody in your office has the possibility to control the PC while you are working on it and out of privacy reasons also not to see what you are doing on your computer.
SS: Can you help me understand the security features TeamViewer have implemented in the product? What features ensure that the connection is secure? Also, it appears that once a computer runs the TeamViewer application for the first time either using the full version or the ‘join a session’ version, an ID is assigned to that computer which doesn’t change for future connections. Is this by design?
TeamViewer: TeamViewer works with a complete encryption based on RSA public/private key exchange and AES (256 Bit) session encoding. This technology is used in a comparable form for https/SSL and can be considered completely safe by today's standards. As the private key never leaves the client computer, it is ensured by this procedure that interconnected computers - including the TeamViewer routing servers - cannot decipher the data stream.
Each TeamViewer client has already implemented the public key of the master cluster and can thus encrypt messages for the master server and check the signature of the master, respectively. The PKI (Public Key Infrastructure) effectively prevents "Man-in-the-middle-attacks". Despite the encryption the password is never sent directly but only through a challenge-response procedure and is only saved on the local computer.
The ID number is generated on each machine (computer or mobile device) once. It is [then] easy to connect to a partner and to store his/her number permanently for repeated access.
SS: In Australia there is quite a problem with scammers calling non-technical users, connecting to their machines remotely and installing malware. In many cases this results in credit card charges for anti-virus software the user doesn’t need, existing anti-virus software removed and the user's PC infected with many different kinds of malware. Your software clearly makes it exceptionally easy to remotely connect to a PC over the Internet, what features are included in the software to stop scammers making use of your software?
TeamViewer: TeamViewer is a secure tool for remote support, where the side which is accessed through the software has to provide the access password. If the secure password is provided we at TeamViewer can't know this is for the reason to scam someone or for a remote support session. We work together with authorities of course and try to help as much as possible to prevent those activities by blocking those users out of the network.
SS: Thanks for your time.
searchSecurity.com.au also spoke to TeamViewer technical support who recommended that any abuse of their software by scammers should be immediately reported to the customer service line, which offers a local Australian number.