The TeamViewer logo, and the name written using the special-purpose TeamViewer font displayed on a desktop monitor.

TeamViewer installs suspicious font only useful for web fingerprinting

So, here’s a bit of a mystery: Why does TeamViewer – the popular remote desktop program – install a font on your computer that it doesn’t use? The abstract font (shown in the above image) doesn’t seem to serve any purpose in the software. Intentional or not, it enables websites to detect if you have TeamViewer installed on your computer.

You can see an almost complete type specimen of the TeamViewer font in the above illustration. It contains the characters to write TeamViewer plus the digits 7 and 8. The remaining 24 majuscule (uppercase) characters of the Latin alphabet are encoded as an apostrophe. The included characters feature a rather unique and mostly unreadable design.

It’s not uncommon for creative software — like Microsoft Office, LibreOffice, and the Adobe Creative Suite — to install complementary fonts. However, these fonts are all meant to enhance your use of the software by giving you more font options. You get the TeamViewer font as an option in all programs that support setting your own font (such as Microsoft Word).

Websites can detect the fonts you’ve installed on your computer. Font detection relies on brute-force testing. A webpage creates a hidden bit of text and measures how wide it is. It then changes the font to, say, the TeamViewer font, and checks to see if the text changes width. If it does, then the website knows you’ve got that font installed on your computer — and by extension the software that installed it.
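
The width comparison described above, as an added example (not code from TeamViewer or from any fingerprinting library) that you can use to reason about what your own browser exposes. The measuring step is injected so the logic runs outside a browser; the simulated measurer, its widths and the `exposeLocalFonts` switch are constructed assumptions, and the font names are the ones this article lists further down.

```javascript
// Added example: the width-comparison check, with the measuring step injected
// so the logic also runs outside a browser. All widths below are constructed.
const GENERIC_FALLBACKS = ["monospace", "sans-serif", "serif"];
const PROBE_TEXT = "TeamViewer78"; // only glyphs the article says the font has
const FONT_NAMES = ["TeamViewer15", "TeamViewer14", "TeamViewer13"];

// measure(cssFontFamily, text) returns the rendered width in pixels. In a
// browser it would wrap canvas measureText() or an off-screen element's width.
function fontLooksInstalled(fontName, measure, text = PROBE_TEXT) {
  // Naming an installed font ahead of a generic fallback changes the width.
  // Several baselines are compared because a font can happen to match the
  // width of one fallback and would then be missed.
  return GENERIC_FALLBACKS.some((fallback) => {
    const baseline = measure(fallback, text);
    const probed = measure(`"${fontName}", ${fallback}`, text);
    return probed !== baseline;
  });
}

// Which of the font names the article lists are visible to a page.
function exposedTeamViewerFonts(measure, names = FONT_NAMES) {
  return names.filter((name) => fontLooksInstalled(name, measure));
}

// Constructed stand-in for a layout engine (hypothetical helper). `installed`
// maps font name -> px per character; `exposeLocalFonts: false` models a
// browser that resolves only its built-in generic families.
function makeSimulatedMeasurer(installed, { exposeLocalFonts = true } = {}) {
  const generic = new Map([["monospace", 9.6], ["sans-serif", 8.9], ["serif", 8.4]]);
  return (cssFontFamily, text) => {
    const stack = cssFontFamily.split(",").map((f) => f.trim().replace(/^"|"$/g, ""));
    for (const family of stack) {
      if (exposeLocalFonts && installed.has(family)) {
        return installed.get(family) * text.length;
      }
      if (generic.has(family)) return generic.get(family) * text.length;
    }
    return generic.get("serif") * text.length; // default when nothing matches
  };
}

// Constructed machine with the current font installed system-wide.
const withTeamViewer = makeSimulatedMeasurer(new Map([["TeamViewer15", 14.2]]));
console.log(exposedTeamViewerFonts(withTeamViewer));
```

The same installed font stops being observable when the measurer is built with `exposeLocalFonts: false`, which is the effect of not registering the font system-wide or of a browser that does not resolve locally installed fonts.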

The odd and almost unreadable proportions of the TeamViewer font make it well-suited for fingerprinting. I believe this is also its true purpose. There’s no use case for installing a unique, non-general-purpose font like this along with your software other than enabling browser-based fingerprinting.

If the program needed this font for some obscure reason, it could load it from its own data directory. It doesn’t need to install the font as a generally available system font if it only served an internal use.

The TeamViewer client program doesn’t load the font file, list all the installed fonts, or reference the font file directly. As far as I can tell, the only TeamViewer software that references the font file is the TeamViewer installer and the uninstaller programs.

TeamViewer doesn’t bundle the font in its Mac and Linux versions. The font is only bundled alongside the Windows version. This tidbit of information is also why I’m convinced the font serves no purpose in the TeamViewer client software. Why would it be required on Windows but not the other supported platforms?

The current version of the font is called TeamViewer15. TeamViewer releases a new version of the font with every major version number change. A quick query on GitHub reveals that many font fingerprinting libraries include references to the font names TeamViewer15, TeamViewer14, and TeamViewer13.

The font raises the risk of phishing and scams targeting TeamViewer customers. It leaks who TeamViewer’s customers are to every website they visit. This could enable more targeted social-engineering messaging based on the knowledge about whether the software is installed or not. There’s no need to waste time in a support scam asking the victim to install a remote-access tool when they’ve already got one set up and ready to abuse.

After I learned about the existence of the TeamViewer font, I expected to find it used on the TeamViewer website. I assumed the website used it to adapt its contents to whether you have the software installed or not.

The TeamViewer website could, for example, change the download button to a purchase button, or give support documentation relevant to your version of the software. However, this is not the case. No public part of the TeamViewer website tries to load the font.

Update (): A reader identified and documented a use case for the font on the TeamViewer website in a comment on Hacker News. The website checks for the presence of the font (and thereby whether you’ve got the software installed) when you follow a special screen-sharing session invitation link. The links are used to invite others to connect to your computer.

I haven’t examined archived versions of the TeamViewer website; it might have used the font in the past. It really raises questions about the font’s true purpose, though. Is it used by partnering ad networks to better target TeamViewer customers and non-customers with custom messaging?

The TeamViewer font is used to implement a smooth user experience from web to the native client, e.g., when connecting via an invitation link, to offer an installation or initiate the connection directly. This has proven to be helpful to improve the user experience for all user groups; nevertheless, based on the raised concern, we have decided to review and change this approach within one of the next releases to prevent potential detection of a TeamViewer installation via the font.

Robert Haist, Chief Information Security Officer, TeamViewer

Update (): Updated with a statement from TeamViewer. The company has decided to remove the font in a future release.