Feb 5th – Popular remote access solution AnyDesk has confirmed that it recently suffered a cyber attack. The attack enabled hackers to access the company’s production systems. Source code and private code signing keys were stolen.
According to AnyDesk, ransomware was not involved. The attack’s origins haven’t been publicly disclosed.
AnyDesk clients
The company reports having 170,000 customers. They include Samsung, MIT, NVIDIA, 7-Eleven, Comcast and the United Nations.
AnyDesk response
During the attack mitigation phase, AnyDesk stated that it revoked security-related certificates and remediated or replaced systems, as necessary. The company also provided reassurance to customers regarding AnyDesk’s safety. As of the time of writing, there is no evidence that end-user devices were affected by the incident.
“We can confirm that the situation is under control and it is safe to use AnyDesk. Please ensure that you are using the latest version, with the new code-signing certificate,” said the company in a public statement.
Authentication tokens
According to AnyDesk, no authentication tokens were stolen. However, out of an abundance of caution, AnyDesk is revoking passwords to its web portal and suggests that users also change passwords, especially if they’ve been used for other websites.
“AnyDesk is designed in a way which session authentication tokens cannot be stolen. They only exist on the end user’s device and are associated with the device fingerprint. These tokens never touch our systems, ” AnyDesk noted to security professionals.
More information
It is strongly recommended that all users migrate to the new version of the software. The old code signing certificate will be revoked shortly.
Related resources
|