TeamViewer authentication protocol

TeamViewer authentication protocol(blog.accuvantlabs.com)

26 points by alter8 13 years ago | 4 comments

pilif 13 years ago |

When you set up Teamviewer to be running constantly in the background, you are strongly encouraged by the UI to use a real password.

The 4 digit passwords are used for temporary sessions for giving a remote party temporary access to the machine.

In the position of the person giving support and thus needing access, I'm already very happy when I finally get my mother to launch the Teamviewer application (finding an icon on the desktop can be so hard). I don't need her to spell out a real password for me and if she was to chose one of her own it would not be much safer than what Teamviewer generates by default.

Support sessions like that last a maximum of 30 minutes, after which she closes the application (as encouraged by the UI). I really think that the short-lived nature of connections with a weak password somewhat mitigates some of the complaints in the article.

Osiris 13 years ago | |

I use TeamViewer on my LAN to be able to hop onto my other Windows boxes quickly. I prefer it over VNC for a variety of reasons. I use a real password on each box tied to my TeamViewer account.

I've also used it to help my Dad. He does the same thing, launches the application to initiate a session and then closes it when he's does. Since it's only open while he's expecting a connection, I don't see how it could be much of a security issue.

It is interesting to note, however, that a company who's product is designed to allow people full access to another computer and promotes security wouldn't have periodic security audits of their protocol to ensure it's sufficiently robust.

meztez 13 years ago |

Don't forget that once you're in, you still have to login into the actual machine. I'm willing to live with that probability.

rcconf 13 years ago |

Great article. The only issue I had was that I wanted to look at the code examples without downloading them.