TeamViewer is a remote access service that allows you to share and view remote desktops with the option to take control as if you were sitting right in front of them. This would appear to be a simple solution to the eternal problem of how to provide support to friends and family without having to hop in the car and drive over. For businesses, TeamViewer can give employees an easy way to give presentations and tutorials to clients without the expense of traveling.
One question that comes to mind when considering installing this software is whether or not it’s secure enough to allow simple access to your machine while keeping unwanted parties out.
According to their official website, TeamViewer uses a method of encryption that is based on RSA private/public key exchange and AES (256 bit) session encoding. This method is used most often with https/SSL encryption relied upon by the vast majority of online merchants and banking institutions to keep their customers’ data safe, even on otherwise unsecured networks.
RSA private-public key exchange is an algorithm for public-key cryptography. Essentially, each party in the TeamViewer session generates a public and a private key. The public key is shared openly but without the private key, which would be extremely difficult to determine due to the size of each of the keys, the data transmitted between the two parties is strongly encrypted. This method also allows for a point-to-point encryption keeping the data transmitted a secret even from TeamViewer’s routing servers.
AES256 encryption is an extremely strong encryption standard originally introduced by the US government in 2001 and is one of the most secure encryption protocols in use today. While AES is an open and public cipher, it was adopted by the NSA for “Top Secret” information making it the first standard to receive that level of trust by the agency.
In addition to the redundant levels of encryption, TeamViewer also generates a session password that is unique to each software start. This means that if in some way the password was compromised, it would become useless once the software is reset.
Users on the remote computer are given a notice as soon as another user has connected, making it impossible to access the system invisibly. Also, security-specific issues, such as file transfers, require authorization from the remote machine directly to complete.
Even with all of this in place, it’s ultimately up to the user to make sure they don’t give out information on how to access their computer to anyone they don’t absolutely trust. TeamViewer is built for businesses with established trust between employees to access company machines and data. While their personal non-commercial license is currently free, giving access keys out to someone you barely know or don’t absolutely trust is no different than letting them sit in front of your computer and view all your files outright. The best rule of thumb here is if you wouldn’t let them in your home to sit at your desk and work on your computer, don’t let them do it remotely.
With this level of security surrounding TeamViewer, it would be hard to call the software completely insecure. It would appear far more likely for someone to gain unwanted access through social engineering or phishing than by brute force cracking through the encryption.