2

I'm a bit concerned about TeamViewer's protocol security. Before you get started, keep in mind this question is related to TV. I know there are other solutions like SSH, OpenVPN, LogMeIn, etc. but in this specific case the question is for TV only.

Having set that aside, my main concern is that even if the computer has a root CA (like the one Fiddler installs to sniff HTTPS traffic) -or- if you use Wireshark to grab TV's packets, is it possible to retrieve the screen information so you can see it, or is that encrypted somehow?

I know they use some kind of key sharing in the connection negotiation procedure, but I'm concerned also if with the root CA, a firewall or sniffer of some kind can get those keys and decrypt the data. I don't want/need a generic answer such as "Any MITM can sniff all packets so you're not secure" because that's not true. You can sniff them but if you can't decrypt them in any way then it's all good (at least for my question's objective).

Basically, I want to know that even if I'm running through a proxy/firewall/someone-else-using-a-sniffer-inside-the-proxy, the whole screen can't be seen either in realtime or by packet replay. Thanks in advance! :)

(Before you ask, I'm working on an app which works in a similar way, with master servers and all that, and I'd like to know if by using the same key exchange methods and data encryption is secure enough unless someone tries to break the protocol using a special app that mimicks the app server instead, which would take a lot of work and in the case of TV and my app, such app does not exist yet AFAIK).

DARKGuy
  • 139
  • 4
  • https://www.optiv.com/blog/teamviewer-authentication-protocol-part-3-of-3 – Rui F Ribeiro Oct 05 '16 at 18:07
  • Thanks for the link :) I did read the whole 3 parts, but I didn't think it was relevant since that part speaks of the 4-digit passcode, and TV now uses a 6-char code. After 3 versions later I think/hope they have fixed this issue – DARKGuy Oct 05 '16 at 19:55

1 Answers1

2

Team Viewer's website provides the answer to your question.

TeamViewer includes encryption based on 2048 RSA private-/public key exchange and AES (256 bit) session encryption. This technology is based on the same standards as https/SSL and meets today's standards for security. The key exchange also guarantees full, client-to-client data protection. This means that even our routing servers are not able to read the data stream.

HashHazard
  • 5,145
  • 1
  • 19
  • 29
  • 1
    I did read that, but it's not clear. Their servers may not read the data stream (who guarantees they don't, anyways?) but if I'm through a proxy or have a special app doing a MITM (such as Wireshark for example), that gets both clients's encryption key, can it decrypt the data stream? or I'm a bit confused here?. I mean, is the "public" part of the key only shared online and even if there is a proxy reading that, they can't do anything with it? am I right? – DARKGuy Oct 05 '16 at 18:09
  • Seems like you may be a bit confused on how PKI works. Suffice to say that the private key is never sent between the two clients during the initial negotiation (or at all really) so there is no risk of it being intercepted. If you're a visual learner (like me) this will be useful in understanding why: https://www.youtube.com/watch?v=3QnD2c4Xovk – HashHazard Oct 05 '16 at 18:45
  • Is this of any relevance to the question? http://security.stackexchange.com/questions/110914/is-https-able-to-prevent-arp-poison-attack-in-lan – Rui F Ribeiro Oct 06 '16 at 09:11