Users complain about hacked TeamViewer – company blames careless users

vbimport

#1

We’ve just posted the following news: Users complain about hacked TeamViewer – company blames careless users[newsimage]http://www.myce.com/wp-content/images_posts/2016/03/teamviewer-95x75.png[/newsimage]

Users of the remote desktop software TeamViewer complain on Twitter and Reddit that their computers are hacked through the software. The hacked computers were used to make fraudulent purchases, users complain.

            Read the full article here: [http://www.myce.com/news/users-complain-hacked-teamviewer-company-blames-careless-users-79591/](http://www.myce.com/news/users-complain-hacked-teamviewer-company-blames-careless-users-79591/)

            Please note that the reactions from the complete site will be synched below.

#2

With the amount of control TeamViewer has on your PC, at least enable 2-Factor Auth.


#3

Whenever we are talking about remote control applications, the question of security is of utter importance.
I do work mainly in this application as it saves me the time of travel and so I thought I should list a few general hints.

[ol]
[li]Do not set up remote access for the TeamViewer Full installation unless you need to remote to the machine.[/li][li]Do not set up an online TeamViewer account to keep track of the PCs to be remoted. Doing this could potentially compromise security (You can use TeamViewer Manager from v10 on a USB stick [The application can create the portable version after install]).[/li][li]For TV Hosts to be remoted by the main application in your LAN only, set it to accept incoming LAN connections exclusively in the TeamViewer Host options (it defaults to not accepting LAN connections).[/li][li]Set ‘Hide online status for this TeamViewer ID’ in options for your host installations.[/li][li]Always set the option ‘Lock on session end’ to avoid the remote computer being left unlocked after you quit the TeamViewer session.[/li][/ol]
If possible:
[ol]
[li]Make sure the computer(s) to be remoted are members of a domain (preferably without local caching of the password).[/li][li]Use a two factor authentication as m-p{3} suggests.[/li][/ol]
It is impossible to eliminate risks entirely because of the very nature of the subject (remote via internet), but by following the above guidelines, you should minimize the potential of an attack :flower: