TeamViewer is whacking anti-hacker protections into its remote-desktop tool – as its customers continue to report having their PCs and Macs remotely hijacked by criminals.
Two new security checks in TeamViewer will warn users when a new device or location attempts to log into their TeamViewer account and remotely manage any computers connected to it, and will raise an alert if suspicious activity is detected.
This exact behavior has been reported in surprising numbers by folks throughout the past two weeks: TeamViewer users complain that miscreants on the other side of the internet have broken into their desktops, and seized victims' web browsers to empty online bank accounts and place internet orders. In some cases, people have lost thousands of dollars as crooks exploited passwords saved in browsers.
The victims say their computers were remotely controlled through their TeamViewer accounts, some watching in horror as their mouse suddenly started moving by itself – under the command of a far-away villain.
Speaking directly to The Register and in announcements to customers, TeamViewer has denied that the crime spree is due to any compromise of its own servers. Rather, it claims, the victims of the attacks had reused their TeamViewer login passwords on other websites that have been breached, such as LinkedIn and Tumblr. Armed with copies of those leaked passwords and email addresses, TeamViewer claims, thieves then log into people's TeamViewer accounts and access connected PCs.
A big bunch of discussion threads have spawned online, in which victims detail the circumstances that led to their machines being hijacked from across the planet. While in many cases the hacked customers say that they had indeed reused passwords from other sites (notably LinkedIn), others have reported that they had been breached despite using unique passwords and two-factor authentication.
Reg readers have also reported receiving suspicious TeamViewer contact requests from unknown individuals. A TeamViewer spokesperson told El Reg that while accepting a contact request would not give that person direct access to controlled PCs, the contact info could be used to see when a person is online, and customers should not accept contact requests from any unknown and/or suspicious parties.
Throughout the ordeal, TeamViewer has maintained that it is not at fault for the account thefts. The Germany-based company's handling of the matter has brought harsh criticism from aggrieved customers, who accuse the company of being in "complete denial" of the problem.
What TeamViewer says it will now do is attempt to notify users of any shady or unusual behavior. The new security features will email account owners asking for permission whenever a new device attempts to log into their account.
Additionally, the TeamViewer service will check the geographic location of the login attempts and require a password reset whenever someone attempts to log in from a locale that had not previously appeared.
Don't, however, expect a mea culpa any time soon.
"We are appalled by the behaviour of cyber criminals, and are disgusted by their actions towards TeamViewer users," a letter to customers reads.
"They have taken advantage of common use of the same account information across multiple services to cause damage." ®