Possible Security Breach Logmein Pro via Wifi?

I am a Pro user logging in from abroad to my machine in my home country. I did so via a Wifi hotspot as a matter of convenience.

I was able to logon to my administration screen but when I clicked to connect to my computer it simply said "Connecting..." and hangs. I restarted the browser and logged on to the administration screen again. Alarmingly, I see from the usage log reports that someone has been connected for a certain number of minutes and a connection is in session. I also got an email that a "Desktop Shortcut Key" has been created although I did not create such key. I clicked to invalidate the key.

Has anyone had a similar security issue? I've read Logmein's security white paper but can't figure out the security implications around this. I imagine a man-in-the-middle attack over Wifi is a theoretical possibility hence the unusual activity in the logs? Thank you.

Find more posts tagged with

Comments

Creos

Thought about this further. Would agree a man-in-the-middle attack is far less likely than a simple keylogger.

This is not true: mainly because the precision it would take to do such an attack is very time sensitive, and is difficult, if nigh impossible, to get on the first try.

For highest security, for those who need it, it'd be wisest to avoid wifi.

Creos

Thanks. Makes sense that there is a time component to the key exchange at logon.

Am a few days out of date on the last Malware Bytes and McAfee Antivirus check on the "client" computer. Updated the software and running a full scan at the moment.

I've read other threads reporting "In Session" when in fact a user is not in session so have discounted that report. However, since I'm running reputable products on the client end, that's what's bothersome about the event log reporting connections that are not my own. I do not share the account.

The passwords for the "server" computer and Access Code are different. The logs only report a few minutes of unusual activity so hopefully the different passwords proved effective.

In this case the server computer does not contain sensitive data so I'd be surprised if an attacker was throwing such sophistication at an attack. It's been useful from the perspective of being properly educated about the product in any case. Good job on the quick answer. Thanks again.

Sean_K

A man-in-the-middle attack is far less likely than a simple keylogger. Mainly because the precision it would take to do such an attack is very time sensitive, and is difficult, if nigh impossible, to get on the first try. A keylogger can be loaded and run on a computer utilizing an open wifi fairly easily. Relatively speaking, of course.

In truth, you can invalidate shortcuts via your account on a per computer basis. This can be done from the settings section (wrench) icon, and navigating to the Desktop Shortcut tab.

If you did not enter the username and password for your computer or your Access Code (if you use one), and the Access Code is not the same as your Account Password, then you are safe.

I would suggest changing both passwords anyways, and make them different if they are not already. This would of course be done after scanning and removing every bit malware you may have on your computer via a reputable antivirus/antimalware software.

Quick Links

Join the conversation!

If you found this discussion useful, why not register/sign-in? It only takes a minute to share your feedback, ask a question, or vote for a new feature!