[English]At the begin of February 2024, it became known that the provider of remote maintenance software, AnyDesk, was the victim of a hack of its production environment. I pointed out early on that the hack had already taken place in December 2023. As a result, a certificate change for the digital signing of AnyDesk clients is pending, an old certificate from "philandro Software GmbH" has been recalled and is now invalid. Newly signed clients should be available from February 12 or 13, 2024.
Advertising
AnyDesk hack with consequences
Since my suspicion at the end of January 2023 (see AnyDesk und die Störungen: Es ist womöglich was im Busch and AnyDesk: Be careful in using that remote support software) that the "technical problems" at AnyDesk are the result of a hack, I have been investigating the case in various blog posts and have brought new details to light, which were then confirmed by AnyDesk after a delay. You can read about this in the articles linked at the end of the post.
As of February 13, 2024, the situation is that AnyDesk clients that were digitally signed with the old certificate of "philandro Software GmbH" after December 19, 2023 are no longer accepted – the certificate has been revoked. On the other hand, custom clients could no longer be generated and digitally signed for a few days. AnyDesk had deactivated this option in its portal. Now something should have changed.
There are newly signed clients
According to my information, AnyDesk has informed customers by e-mail that newly signed AnyDesk custom clients are now available. The following screenshot shows the information in the mail.
You should let the EXE or MSI file recreated in the My-Anydesk portal. These are then signed with a new certificate. A reader confirms that the new custom client can be configured in the Anydesk portal I, for which he is registered. However, the user is only shown version 7.0.14 (for Windows). When downloading the client, it can be seen that it has been signed with a new certificate as of February 14, 2024 (valid from February 12, 2024).
Advertising
This part should now be done and every OEM can build custom clients from AnyDesk for their customers. AnyDesk has also published this support article, which shows how to ensure that the new certificate is used.
What about OEMs?
This brings us to two sticking points where the readership can make a contribution. First question: Should you update to the new AnyDesk client? Who still has confidence in the reliability of this provider, especially with regard to its information policy after the hack? Second question: What is the situation with OEMs? What are your experiences: Do they already have an AnyDesk client with a new digital signature?
In this German comment, Fritz reports that the IT service provider Aagon is ending AnyDesk integration in ACMP (see this announcement). Another German comment, which a reader posted at my request, refers to the medical service provider (German gematik TI connectors) CGM, which has probably not yet made any announcements regarding AnyDesk and certificate changes. In short: How are things looking for you in the field? Have the OEMs reacted and rolled out new clients? Are there any problems or new findings?
Articles:
AnyDesk confirmed, they have been hacked in January 2024, Production systems affected – Part 1
AnyDesk hack undercover – more information and thoughts – Part 2
AnyDesk hack undercover – Suspicious cases and more – Part 3
AnyDesk hack undercover – Access data offered for sale – Part 4
AnyDesk hack – A review – Part 5
AnyDesk hack – Review of the German CERT BSI report – Part 6
AnyDesk hack – Notes on exchanging certificates for Customs clients 7.x – Part 7
AnyDesk hack – more details (FAQ from Feb. 5, 2024) – Part 8
AnyDesk hack already noticed on December 20, 2023? – Part 9
AnyDesk hack confirmed as of December 2023; old certificate recalled – Part 10
AnyDesk hack: Revoke chaos with old certificates? – Part 11
AnyDesk hack: Newly signed clients available; what are your experiences? – Part 12
Störung bei AnyDesk, jemand betroffen?
AnyDesk: Be careful in using that remote support software
Advertising