Oct. 17, 2022, 7:39 a.m.

Flaw in TeamViewer

TeamViewer is a remote support tool widely used in the industry. It allows someone (typically an IT support person or scammer) to assist you with technical issues on your computer by remotely connecting to it, controlling the mouse and keyboard, and seeing what is on your screen, just as if they were in front of the computer.

The way it works is that the end user needing support runs the application, which generates an ID (tied to your PC) and a random password and displays them to the user. The user then shares these two numbers with the remote support person, who enters them in their copy of TeamViewer and connects.

The flaw is this: users tend to leave TeamViewer running all the time, as they are lazy or uninformed. So when I went to a local store the other day, I saw TeamViewer was running on their POS terminal, with the ID and password open for everyone to see. I could have taken a quick photo with my smartphone, connected later that night and done whatever they can on that PC.

The solution is simple - since users will never change their behaviour, TeamViewer should make the password field (at the very least) a field that shows for only 30 seconds or so, then auto-hides. This will give the user enough time to read it to the support person, without it lingering on screen.
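
A minimal model of the auto-hiding field proposed above, as an added example; it is not TeamViewer's code, and the class, method and constant names are hypothetical. It assumes the UI repaints the field from `render()` and that the password is only shown after an explicit user action.

```python
import time

REVEAL_SECONDS = 30   # window suggested in the post
MASK = "\u2022" * 8   # fixed-length mask so the display does not leak password length


class TimedSecretField:
    """Display model for a password field that hides itself after a timeout."""

    def __init__(self, secret, ttl=REVEAL_SECONDS, clock=time.monotonic):
        self._secret = secret
        self._ttl = ttl
        # Monotonic clock: changing the system time cannot extend the window.
        self._clock = clock
        self._revealed_at = None  # hidden until the user asks

    def reveal(self):
        """Called from an explicit user action, e.g. a 'Show password' button."""
        self._revealed_at = self._clock()

    def hide(self):
        self._revealed_at = None

    def is_visible(self):
        if self._revealed_at is None:
            return False
        if self._clock() - self._revealed_at >= self._ttl:
            self.hide()  # expire lazily, so no background timer is needed
            return False
        return True

    def seconds_left(self):
        """Remaining reveal time, for a countdown next to the field."""
        if not self.is_visible():
            return 0
        return max(0, self._ttl - (self._clock() - self._revealed_at))

    def render(self):
        """Text the UI should paint on each refresh."""
        return self._secret if self.is_visible() else MASK


if __name__ == "__main__":
    field = TimedSecretField("k7m2qx", ttl=2)  # constructed password, short TTL for the demo
    field.reveal()
    print(field.render())   # password visible
    time.sleep(2.1)
    print(field.render())   # masked again
```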