Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

Frequently Asked Questions on Security Incident at AnyDesk

The image includes a teal gradient background. At the top center of the image is a Tenable Research logo. Underneath the logo is a rectangular box in teal with the words "ADVISORY" in it. Underneath this box are the words "Frequently Asked Questions."

Frequently asked questions relating to a security incident at AnyDesk that was publicly disclosed on February 2.

Update February 7: The blog has been updated with new information from AnyDesk including a new FAQ document, a new version of AnyDesk for macOS and an updated list of Tenable product coverage.

View Change Log

Background

The Tenable Security Response Team has put together this blog to answer frequently Asked Questions (FAQ) regarding a security incident at AnyDesk.

FAQ

What is the incident being reported at AnyDesk?

Since February 1, reports began circulating on social media about a possible breach at AnyDesk Software GmbH, makers of a remote desktop application called AnyDesk. In a post on its website on February 2, AnyDesk confirmed that it had conducted a security audit following “indications of an incident” affecting “some” of its systems, which led to the discovery of a compromise of its production systems.

When did this incident occur?

No specific time frame for the incident was shared in AnyDesk’s post. However, AnyDesk announced it would be undergoing a 48-hour maintenance period on January 30 on its X (formerly known as Twitter) account.

What exactly happened during this incident?

AnyDesk did not share any specifics in its post about what information may have been exposed during the attack, only noting that they found evidence of “compromised production systems.” However, sources have told BleepingComputer that threat actors “accessed source code and code signing certificates” during the incident. According to AnyDesk, the security event they experienced was “not related to ransomware.”

As of February 2, much of this information is still preliminary and we expect more information to come to light in the coming days.

Did AnyDesk revoke the compromised code signing certificates?

Yes, AnyDesk released a new version of its Windows application on January 29 that includes a new code signing certificate. However, AnyDesk says they plan to revoke “the previous code signing certificate for our binaries shortly” though it is unclear if other versions of AnyDesk will be updated soon.

Is this a supply chain compromise?

Based on the limited information available as of February 2, there are no indications that a supply chain incident has occurred. While code signing certificates were "accessed," existing AnyDesk binaries do not appear to have been tampered with as far as we know.

What else has AnyDesk done in response to this incident?

AnyDesk says they revoked security-related certificates, revoked passwords to their web portal and are recommending customers reset any passwords that they may have reused for their AnyDesk portal.

Is there any other official source of information from AnyDesk about this incident?

Yes, AnyDesk has published an FAQ document on its website on February 5. They’ve also updated their public statement.

What versions of AnyDesk are safe to use?

According to AnyDesk’s FAQ document, versions 7.0.15 through 8.0.8 are considered to be the latest versions of AnyDesk that are recommended for customers. So far, we’ve only seen confirmations that AnyDesk 8.0.8 for Windows and AnyDesk 8.0.0 for macOS have been signed with the new code signing certificates.

Solution

As of February 6, AnyDesk released at least two new versions of AnyDesk, one for Windows and one for macOS that include the new code signing certificate. Here is the list of AnyDesk software versions as of February 6.

AnyDesk SolutionVersionLast Updated
Windows8.0.8January 29, 2024
macOS8.0.0February 6, 2024
Android7.1.0November 6, 2023
iOS7.1.0December 13, 2023
tvOSUnknownUnknown
Linux6.3.0August 10, 2023
FreeBSD6.1.0January 28, 2021
Raspberry Pi6.3.0August 10, 2023
On-Premises Solution2.1.3December 4, 2023

We do not have definitive confirmation that other versions of AnyDesk will be updated with new code signing certificates, but we are listing the versions above for informational purposes. If the versions change, we will update the table above.

Identifying affected systems

Tenable has released the following local detection plugins and vulnerable version check plugins for AnyDesk.

Plugin IDName
189953AnyDesk Installed (Windows)
189955AnyDesk Installed (macOS)
189973AnyDesk Installed (Linux)
189954AnyDesk < 8.0.8 Invalidated Signing Certificate

We will update this blog with information about additional coverage.

Change Log

Update February 7: The blog has been updated with new information from AnyDesk including a new FAQ document, a new version of AnyDesk for macOS and an updated list of Tenable product coverage.

Get more information

Join Tenable's Security Response Team on the Tenable Community.

Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.

Related Articles

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.