![]() No public part of the TeamViewer website tries to load the font. ![]() The TeamViewer website could, for example, change the download button to a purchase button, or give support documentation relevant to your version of the software. I assumed the website used it to adapt its contents to whether you have the software installed or not. There’s no need to waste time in a support scam asking the victim to install a remote-access tool when they’ve already got one set up and ready to abuse.Īfter I learned about the existence of the TeamViewer font, I expected to find it used on the TeamViewer website. This could enable more targeted social-engineering messaging based on the knowledge about whether the software is installed or not. It leaks who TeamViewer’s customers are to every website they visit. The font raises the risk of phishing and scams targeting TeamViewer customers. A quick query on GitHub reveals that many font fingerprinting libraries include references to the font names TeamViewer15, TeamViewer14, and TeamViewer13. TeamViewer releases a new version of the font with every major version number change. The current version of the font is called TeamViewer15. Why would it be required on Windows but not the other supported platforms? This tidbit of information is also why I’m convinced the font serves no purpose in the TeamViewer client software. The font is only bundled alongside the Windows version. TeamViewer doesn’t bundle the font in its Mac and Linux versions. As far as I can tell, the only TeamViewer software that references the font file is the TeamViewer installer and the uninstaller programs. The TeamViewer client program doesn’t load the font file, list all the installed fonts, or reference the font file directly. It doesn’t need to install the font as a generally available system font if it only served an internal use. If the program needed this font for some obscure reason, it could load it from its own data directory. There’s no use case for installing a unique non-general purpose font like this along with your software other than enabling browser-based fingerprinting. The odd and almost unreadable proportions of the TeamViewer font make it well-suited for fingerprinting. If it does, then the website knows you’ve got that font installed on your computer - and by extension the software that installed it. It then changes the font to, say the TeamViewer font, and checks to see if the text changes width. A webpage creates a hidden bit of text and measures how wide it is. Font detection relies on brute-force testing. ![]() Websites can detect the fonts you’ve installed on your computer. You get the TeamViewer font as an option in all programs that support setting your own font (such as Microsoft Word). However, these fonts are all meant to enhance your use of the software by giving you more fonts options. It’s not uncommon for creative software - like Microsoft Office, LibreOffice, and the Adobe Creative Suite - to install complementary fonts. The included characters feature a rather unique and mostly unreadable design. The remaining 24 majuscules (uppercase) characters of the Latin alphabet are encoded as an apostrophe. It contains the characters to write TeamViewer plus the digits 7 and 8. You can see an almost complete type specimen of the TeamViewer font in the above illustration. Intentional or not, it enables websites to detect if you have TeamViewer installed on your computer. So, here’s a bit of a mystery: Why does TeamViewer – the popular remote desktop program – install a font it doesn’t use on your computer? The abstract font (shown in the above image) doesn’t seem to serve any purpose in the software.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |