You may have previously heard about TeamViewer if you’ve ever needed to remotely access another device for the purposes of maintenance or general work activities. One of the most common queries asked by system administrators and tech support professionals across the leading forums for technology specialists in 2021 is, "is TeamViewer safe to use?"
In this article, we’ve asked privacy specialists and technology leaders across the world to answer this question and other common concerns that can arise from using this solution. We’ll also be sharing advice on how you can further secure your activity when using this remote access tool in this article.
Is TeamViewer safe for organizations to use?
Our first answer to this question comes from consumer privacy champion at Pixel Privacy, Chris Hauk; “While TeamViewer uses AES 256-bit encryption and also allows you to enable two-factor authentication, TeamViewer is only truly safe if it's properly configured. It is also important that users turn off the app and its access to the user's desktop, where bad guys can cause havoc.”
“Also, many users do not update their TeamViewer app on a regular basis, leaving their systems more vulnerable to attacks. Weak and reused passwords are a problem on any system or app, and TeamViewer is no exception. Users must be educated about the proper use of TeamViewer and similar apps.”
The second answer for this query is from Paul Bischoff, privacy advocate with Comparitech, a security solution comparison service that has been featured on Gizmodo, Wired, The New York Times and The Guardian; “TeamViewer can be safe to use, but is often implemented in an unsecured way. You can think of it in the same way as Zoom bombing. If you don't take steps to secure login credentials and restrict who can access a Zoom meeting, and you spread the invite link around to enough people, then eventually someone is going to barge in uninvited, possibly with malicious intent.”
“Hijacking a TeamViewer session can result in a lot more damage, however, because attackers can actually control the victim system as if it were their own. Furthermore, TeamViewer access remains in place indefinitely by default.”
“Whereas all Zoom meetings end, TeamViewer access can remain open for weeks or months, giving attackers a lot of time to find it, break-in, steal data, and plant malware. TeamViewer might not update automatically, which means organizations might be using old versions with zero-day security vulnerabilities.”
What is Teamviewer’s history of breaches and disclosures?
Chris was happy to explain further on the history of TeamViewer’s previous security breaches; “TeamViewer suffered from external password breaches back in 2016, and in 2017 a vulnerability was discovered that allowed hackers to take control of a user's device during a desktop session.”
Paul also covered this question in his response: “TeamViewer and similar remote desktop software have been getting hacked as long as they've been around. The Oldsmar water treatment plant incident is probably the most notable in recent memory. It's worth mentioning that prior to 2018, not every State had a data breach disclosure law, so some incidents might have been swept under the rug.”
Agency Level Usage
Agency Louder.Online use TeamViewer often as their Co-founder Aaron Agius explains below; “We rely on multiple digital business tools to conduct our everyday work operations, and TeamViewer is one of them.”
“As far as app security goes, TeamViewer certainly meets all of the necessary requirements to be considered safe for organization use.”
“It comes with data encryption, access protection, and 2FA which is more than enough to keep your data safe. Personally, I've been using TeamViewer for years and I have zero complaints about their security practices.”
Used By Students
“Most people worry about the technical aspects of cyber security. They tend to question the quality of the security layers and the reliability of the code. However, when it comes to data breaches, the users themselves are often the culprit”, said Bruno Brasil, software engineer and a frequent user of TeamViewer during his college days.
“TeamViewer has a simple password-based connection mechanism, which means that as long as a user is connected to the application, anyone who has access to the host's password might be able to gain unrestricted access to that computer.”
“In my own experience, the most common security issue I came across while using TeamViewer was simply forgetting that I was connected to a classmate or a client after a long coding session. Meaning once I left my computer, the person on the other side could freely open my files and access any information readily available on my browser, including emails.”
A Managed Services’ Perspective
“When we have a managed client, we establish with them what all of the authorized support tools are, and block the rest,” states Eric Weast of ECW Network & IT Solutions.
“Personally, I don’t use TeamViewer, so it is a blocked program. TeamViewer accounts can be secured, but it is up to the IT Department or Managed Services Provider of the organization to block anything unauthorized and then periodically audit and remove anything that’s an outlier to the established policy.”
“My recommendation to companies is that instead of deeming an individual product or set of products insecure is to learn how to secure them and set baseline policies to enforce that moving forward.”
“We do regular audits against all customers to make sure that unauthorized vendor remote support tools like TeamViewer are blocked or removed if we use a different tool on the network. We are providing the software vendors with their support tools now rather than the other way around.”
“We know if we use our account that all of the good security policies, MFA enforcement, session logging, etc. will follow them as long as they continue to use that account.”
Using Reasonable Caution & Taking Steps To Ensure Security
No matter what IT tool you are using, it is important to take steps to secure passwords and enable two-factor authentication where possible, our next two specialists outline the policies that help ensure that they stay secure.
Our next specialist is Ouriel Lemmel, a member of the Forbes 30 Under 30 who has been featured on ABC News is the founder of WinIt; “As the CEO of a company that works remotely, I use TeamViewer on occasion.”
“TeamViewer is not a program we use regularly across our company. However, there are occasions from time to time when the problem needs solving remotely and TeamViewer has been beneficial. We use it internally and only for tech support. Our IT guys have been trained on when to use TeamViewer and we never allow access to outside support.”
“If you’re using TeamViewer be cautious about password protection. Like any software, TeamViewer can be dangerous if it gets into the wrong hands. Be sure you are rewriting passwords regularly and not allowing for access outside of your company.”
Next up Phil Strazzulla, Founder & CEO of Select Software Reviews, also gave his thoughts on his experience with using TeamViewer; “As a tech CEO, I know that many service providers rely on being able to remotely access their client’s computers to provide tech support. TeamViewer is a company that provides this remote connection service. Ensuring that a remote connection is safe is one of the major priorities that a provider like TeamViewer should have to maintain the confidence of their clients.”
“On paper, TeamViewer looks very safe. It uses some of the highest security protocols, including AES-256 bit encryption, which is considered military-grade security. However, just a quick look into TeamViewer’s history shows that there are security concerns.”
“In 2016 and 2017, the company had significant security breaches through its password protection protocols. Those problems allowed hackers to steal billing information from customers and illegally access customer devices. While those problems have been fixed, it gives me pause when I consider what else might be wrong with the program.”
“There are some ways to use TeamViewer and limit your security risk. The biggest thing is to always log out of TeamViewer after using it. Terminating the connection between you and the technician using it is the best way to ensure hackers don’t use the private tunnel for bad behaviour.”
“Finally, as with any network connected service, make sure that you have a strong password connected to your TeamViewer account. If a hacker can’t guess your password, they can’t use your account against you.”
“As an IT Provider, we use TeamViewer for our clients”, said President of 403Tech, Scott Gallupe our last specialist interviewed for this article.
“TeamViewer has had its issues in the past and were a victim to cybercriminals hacking into their tool. They have now beefed up their security measures and we mandate 2 Factor Authentication mandatory on all connections.”
“This additional measure protects us and our clients from any bad actors from getting into the system. Is TeamViewer safe? I think that is very hard to define and no company is ever 100% safe, but I do believe their team has made every measure to secure their products and we are happy to support them.”
As with considering any tool or solution that requires access to privileged devices, we agree it is best to err on the side of caution and make sure 2FA is enabled, unique passwords are used and that any unique IDs are stored securely and are not widely shared.
We hoped that you enjoyed this blog answering is TeamViewer safe, if you enjoyed this blog then why not check out one of our blogs comparing Grafana vs Kibana?