Check out our Frequently Asked Questions (FAQ) about an incident related to AnyDesk. You can find additional information in the public statement released here.
At AnyDesk, transparency, company integrity, and trust in our products are of utmost importance. We will continue to update this FAQ page as we strive to keep you informed.
Last updated: February 5, 2024, 5:45 pm CET
In mid-January, AnyDesk received reports of an incident involving some of its systems. Following this, the company conducted a security audit and discovered evidence of compromised production systems. AnyDesk immediately implemented a remediation and response plan, involving cybersecurity experts from CrowdStrike. The remediation plan has been successfully completed. Relevant authorities have been informed and AnyDesk is closely collaborating with them. The situation is under control, and it is safe to use AnyDesk.
Was it Ransomware?
No, it was not ransomware. It was also not ransomware-based nor an extortion attempt.
Are Credentials Affected?
AnyDesk does not believe this to be the case. However, as a precautionary measure, AnyDesk has enforced a password reset for all customers. This is due to the brief possibility, albeit theoretical, that credentials could have been affected.
To elaborate, a brief description of AnyDesk’s systems is necessary: they are designed to not store private keys, security tokens, or passwords that could be exploited to connect to end users’ devices. When users enter their credentials into the AnyDesk client, they are transmitted to AnyDesk servers through a relay server. The minimum standard for securing these credentials during transmission is TLS/SSL encryption. Furthermore, the client only connects to the AnyDesk “my.anydesk.com II” customer portal server.
Only two of these relay servers in Europe were affected by the incident. This means that connections to the “my.anydesk.com I” customer portal are not explicitly involved. Also, clients in non-European countries, such as the U.S., Asia, Africa, Australia, and South America, and those connecting through relay servers outside the affected location zone of these two servers (specifically, Spain and Portugal) are not affected. Users who had their credentials already saved in the client, and did not enter them manually, are also not affected.
AnyDesk’s assessment determined that there was only a theoretical risk of credentials being compromised. Even for the limited connections deemed to be at risk, attackers would have had to extensively rewrite AnyDesk’s software code within a very short timeframe, trick users into using a fake version of the software, and then have them enter their passwords. This seems unlikely, although not impossible.
Could Compromised Versions of AnyDesk with its Certificate be Distributed?
AnyDesk has no indication that compromised versions of its software have been or are being distributed. All versions of AnyDesk obtained from official sources are safe to use. However, it is recommended to use the latest versions 7.0.15 and 8.0.8.
Furthermore, AnyDesk has revoked all security-related certificates and is in the process of revoking the code signing certificate. Therefore, users are advised to use the latest version and not download it from a third-party website.
Can Sessions be Hijacked?
AnyDesk considers session hijacking in relation to the incident to be highly improbable.
Is Malware Spreading through AnyDesk?
No. AnyDesk has reviewed its code and found no malicious modifications. There is also no evidence of malicious code being distributed to clients through AnyDesk systems.
What is the Latest AnyDesk Version? How can Users Ensure They are Using the Correct One?
The latest versions are AnyDesk 7.0.15 and 8.0.8. Users can check if they are using the latest version by opening the properties on their client.
- Published at