Another Hack: TeamViewer Allows Clients to Hijack Viewer's PC

A critical vulnerability has been discovered in the TeamViewer software which could allow users sharing a desktop session to gain complete control of the other's PC without permission. The GitHub user named Gellin has disclosed this new hole.

How does the hack work?

Gellin has published proof-of-concept (PoC) code in the form of an injectable C++ DLL, which leverages “naked inline hooking and direct memory modification to change TeamViewer permissions“. The DLL can be injected by both the client and the server, with the following results:

If exploited by the server: the hack allows viewers to enable the “switch sides” feature, which is only active after the server has authenticated control with the client, eventually allowing the server to initiate a change of control/sides.

If exploited by the client: the hack allows the client to take control of the mouse and keyboard of the server “with disregard to servers current control settings and permissions.”

Windows, macOS and Linux machines are all affected. The Reddit user xpl0yt, who first publicized this vulnerability, claimed to have been in contact with the TeamViewer security team, who confirmed the existence of the vulnerability in its software and released a patch for Windows. TeamViewer users are recommended to install the patched versions of the software as soon as they become available.
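A defender-side view of the DLL injection described above, as an added example that is not from the original post or from Gellin's PoC: it triages Sysmon image-load (Event ID 7) and CreateRemoteThread (Event ID 8) records for unexpected activity inside TeamViewer.exe. The sample events are constructed, and the trusted directory list assumes default install paths.

```python
from pathlib import PureWindowsPath

TARGET = "teamviewer.exe"
# Assumption: default install and system directories; adjust for your fleet.
TRUSTED_DIRS = (
    r"c:\program files\teamviewer",
    r"c:\program files (x86)\teamviewer",
    r"c:\windows\system32",
    r"c:\windows\syswow64",
)
TV = r"C:\Program Files\TeamViewer\TeamViewer.exe"
# Constructed sample events using Sysmon field names (not real telemetry).
SAMPLE_EVENTS = [
    {"EventID": 7, "Image": TV, "ImageLoaded": r"C:\Windows\System32\user32.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
    {"EventID": 7, "Image": TV, "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\helper.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
    {"EventID": 8, "SourceImage": r"C:\Users\alice\Downloads\tool.exe", "TargetImage": TV},
    {"EventID": 7, "Image": r"C:\Windows\System32\notepad.exe",
     "ImageLoaded": r"C:\Temp\other.dll", "Signed": "false", "SignatureStatus": "Unavailable"},
]

def _name(path):
    return PureWindowsPath(path).name.lower()

def _trusted(path):
    parent = str(PureWindowsPath(path).parent).lower()
    return any(parent == d or parent.startswith(d + "\\") for d in TRUSTED_DIRS)

def triage(events):
    """Return (path, reasons) for suspicious module loads or remote threads in TeamViewer."""
    findings = []
    for ev in events:
        if ev["EventID"] == 7 and _name(ev["Image"]) == TARGET:
            reasons = []
            if not _trusted(ev["ImageLoaded"]):
                reasons.append("loaded from untrusted directory")
            if ev.get("Signed") != "true" or ev.get("SignatureStatus") != "Valid":
                reasons.append("not validly signed")
            if reasons:
                findings.append((ev["ImageLoaded"], reasons))
        elif ev["EventID"] == 8 and _name(ev["TargetImage"]) == TARGET:
            findings.append((ev["SourceImage"], ["created remote thread in TeamViewer"]))
    return findings

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_EVENTS):
        print(path, "->", "; ".join(reasons))
```

Module-load telemetry only covers DLLs loaded through the normal loader; it complements installing the patched version and does not replace it.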

Alternatives?

AnyDesk is a good alternative to TeamViewer, as is RealVNC, which is open-source. Both get regular updates and work on all operating systems.

What do you use? Let me know in the comment section.
