Week Four
Most of us use third-party remote desktop applications for several tasks. TeamViewer is one of these applications, and it was recently discovered that an attacker can completely take over a server (the remote desktop session initiator who needs to view a user's desktop) or a client (the user whose desktop is shared) without the victim's consent (Swati, 2017).
The exploit leverages "naked inline hooking and direct memory modification to change TeamViewer permissions" (Swati, 2017). Gellin, who wrote the code, stated that it allows the server (hacker) to enable the "switch sides" feature after authenticating with the client (victim) (Gellin, 2017). Conversely, it allows the client (hacker) to control the server's (victim's) mouse and keyboard.
Attack vector
The Gellin tool “utilizes signature/pattern scanning to dynamically locate key parts in the code at which the assembly registers hold pointers to interesting classes” (Gellin, 2017). It also “[a]pplies inline naked hooks also known as code caves, to hi-jack the pointers to use for modification via direct memory access to their reversed classes” (Gellin, 2017).
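
Inline hooks and direct memory modification both leave the code of the running process different from the binary on disk, which a defender can check for. The following is an added example, not code from Gellin's tool or from TeamViewer: it assumes the on-disk code section (with relocations already applied) and the in-memory copy have been read into buffers, and the function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define GAP 4  /* a hook byte can equal the original by chance: bridge gaps shorter than this */
typedef struct {
    size_t  offset, length;  /* modified run within the code section */
    int     jmp_rel32;       /* 1 if the run starts with an E9 JMP rel32 */
    int     leaves_section;  /* 1 if that JMP lands outside [0, len) */
    int64_t target;          /* JMP destination as a section offset */
} patch_t;
/* Compare the on-disk code section with the copy read from the running process.
   Returns the number of modified runs found; at most max_out are stored in out. */
size_t find_inline_patches(const uint8_t *disk, const uint8_t *mem, size_t len,
                           patch_t *out, size_t max_out)
{
    size_t n = 0;
    for (size_t i = 0; i < len; ) {
        if (disk[i] == mem[i]) { i++; continue; }
        size_t end = i + 1;  /* one past the last differing byte of this run */
        for (size_t j = end; j < len && j < end + GAP; j++)
            if (disk[j] != mem[j]) end = j + 1;
        if (n < max_out) {
            patch_t p = { i, end - i, 0, 0, 0 };
            if (mem[i] == 0xE9 && i + 5 <= len) {  /* decode little-endian rel32 */
                uint32_t rel = mem[i+1] | (uint32_t)mem[i+2] << 8 |
                               (uint32_t)mem[i+3] << 16 | (uint32_t)mem[i+4] << 24;
                p.jmp_rel32 = 1;
                p.target = (int64_t)i + 5 + (int32_t)rel;
                p.leaves_section = p.target < 0 || p.target >= (int64_t)len;
            }
            out[n] = p;
        }
        n++; i = end;
    }
    return n;
}

/* Constructed sample (not TeamViewer bytes): a 64-byte section in which a function
   prologue was replaced by a JMP rel32 and one other byte was modified in place. */
size_t demo_scan(patch_t *out, size_t max_out)
{
    uint8_t disk[64], mem[64];
    memset(disk, 0xCC, sizeof disk);
    memcpy(disk + 16, "\x55\x8B\xEC\x83\xEC\x10", 6);  /* original prologue */
    memcpy(disk + 40, "\x74\x05", 2);                  /* original JE +5 */
    memcpy(mem, disk, sizeof mem);
    memcpy(mem + 16, "\xE9\x8B\x10\x00\x00\x90", 6);   /* JMP rel32 + NOP */
    mem[40] = 0xEB;                                    /* single modified byte */
    return find_inline_patches(disk, mem, sizeof mem, out, max_out);
}
```

A run that starts with a JMP whose target lies outside the section is the typical trace of a detour into injected code, while short non-JMP runs point to bytes patched in place.
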
Mitigation
The vulnerability is cross-platform; it exists in the Windows, Linux and macOS versions of TeamViewer and can be mitigated by installing patched versions of the software as soon as they become available (Swati, 2017).
References
Gellin. (December, 2017). TeamViewer Permissions Hook V1. Retrieved from https://github.com/gellin/TeamViewer_Permissions_Hook_V1
Swati Khandelwal. (December, 2017). New TeamViewer hack could allow clients to hijack viewers’ computer. Retrieved from https://thehackernews.com/2017/12/teamviewer-hacking-tool.html
Video Credit: Tutoriale PC. December 8, 2017