Conrad Sallian's community posts

Also, about this:

If I got an unknow PC in my address book, the same could happen for us, that our computers may appear in other customer's address book and they will be able to access our PCs

Please, let us know how this is supposed to happen if that "other customer" doesn't know your Host access credentials or access credentials (along with address and port) of your RU Server? From where will they get this information?

Remote Utilities doesn't employ an online "customer database". It's stand-alone software. There is no "central" database on the web unlike many of our competitors. In fact this is a big advantage of Remote Utilities vs. its "SaaS" competitors - there's simply nothing to "hack" and steal. One can only get access to someone else's Host if they know access credentials for that specific Host.

The record in your address book appeared because:

1. You set up a custom Host installer to make it automatically send its access credentials to your RU Server address book upon installation.
2. Someone whom you do not recognize got possession of your Host package and installed it on their computer. So the host reported itself to your RU Server and was added to your Viewer address book (via the RU Server address  book sync feature).

For the same to happen in your own network someone needs to either inject a custom-built Hosts to your network computers or get access to your existing Hosts somehow (for this they should know access credentials) .

Hello Rodrigo,

Since you decided to also post in the forum in addition to your support ticket, I'm copying my response to your ticket below:

Thank you for your message.

First, let me assure you that this is in no way a security breach as you might think. Please, see my explanation further below. I'd also like to note that Remote Utilities has been used by hundreds of thousands of companies throughout the world which certainly wouldn't be possible if there were such vulnerabilities. Among these customers are medical institutions, military organizations and government agencies (such as courts and law enforcement agencies).

With regards to your issue, I can guess that you used the Remote Utilities feature that allows you to automatically add remote computers to your address book and gain access to them once they run and install your custom-built Host package. There are several points to make here:

1. Remote Utilities connection is only possible "one way", i.e. Viewer connects to Host, not vice versa. Host cannot "connect" to Viewer. These two are totally different modules each for its own task. No one can "connect backwards" to your Viewer just because they installed the Host on their computer, even if this Host is your custom-built Host. It doesn't work that way.

2. The fact that someone can install your custom-built Host on their computer does NOT automatically mean that any Viewer other than yourself can get access to that computer. The custom-built installer was created by yourself and only you have access to the Host instances installed from it.

Even then you can always turn on the "Ask user permission" feature on the Host (you can also enable it during Host configuration) and ensure that the remote user has a choice whether to accept or reject the incoming connection https://www.remoteutilities.com/support/docs/ask-user-permission/

3. Finally, and this can be applied to just any remote access software around, not only to Remote Utilities - if you set up access to a remote PC and the remote user accepts that (either by installing the agent file or sharing a web link like with some of our competitors' products) this means that you have full access to their PC.

And this is exactly how remote control software is supposed to work - to give the authorized user access to a remote computer. It's just a tool that works the way it is set up. And there are many built-in features to increase security, the "Ask user permission" and "2-factor authentication" among them.

Let me repeat the fact - if your custom built Host is installed somewhere (which resulted in the Host appearing in your address book, this poses NO threat whatsoever. Neither for your Viewer PC nor for your network. Because of the one-way nature of RU connection.

Thank you for the report. Currently checking one of our servers that could have the said issue. Sorry for the inconvenience.

Hi Mihhail ,

Feel free to try again now.

Thanks.

Hi Mihhail,

Thanks for letting us know. We'll check out the script and see what might be wrong with it.

Hi Nijel ,

No, self-hosted server isn't affected in any way because it doesn't require our hosted service to work. It is a completely isolated/autonomous solution.

My bad! I wasn't trying to break the rules on purpose, I just find the Windows Viewer is much more reliable at maintaining multiple host connections than the Linux Viewer is, and I prefer to use Linux so that's the only reason I was using the program that way.

No worries ) You should just apply your RU license key in RU Server as described here. While any paid customer can still use RU Server in the "free mode" , registering it with their RU key will extend their allowed connections via that server (it will bring this number to that allowed by their RU license). So if you have a paid RU license and you use RU Server it's always a good thing to register RU Server as well.

Hope that helps.

Hello Myavin,

Thank you for your message.

Yes, they may send various verification methods including the one you mentioned (they may also give you a call to verify the order). You shouldn't be worrying.

You can also call them directly (i.e. initiate a call from your side) and ask about that message to be 100% sure that it's from them. Here is their contact information - the phone numbers are down below on the page:

https://payproglobal.com/contact/

Hope that helps.

Currently fixing the server issues. Please, let us know if/when the connections are restored.

Manuel Lopez wrote:

Here is my viewer log (I replaced the pc name with PCX and my IP with x.x.x.x):

31-01-2023__15:28:43__774 Connection #455877. Connection to "PCX". Mode: <Authorization>. Connecting...
31-01-2023__15:28:43__775 InetConnection #455877. Internet connection to PCX (x.x.x.x:5655).
31-01-2023__15:28:43__795 InetConnection #455877. Method "Connect" - OK. PCX connected to ID server: x.x.x.x.
31-01-2023__15:28:44__769 InetConnection #455877 - PCX need. Server version: 0
31-01-2023__15:28:59__783 InetConnection #455877. Socket error. Name: "PCX", host: "x.x.x.x:5655". Exception class: "EIdReadTimeout". Message: "Read timed out.".
31-01-2023__15:28:59__784 Connection #455877. Connection to "PCX" failed. Mode: <Authorization>.
31-01-2023__15:28:59__785 Context #455877 removed. Mode: <Authorization>.

Hi Manuel,

What's the server IP address in "PCX connected to ID server: x.x.x.x." ? This will help us pinpoint the issue.

Thanks.

Hello ,

Thank you for the reports. Currently checking the issue.