How to Survive the AnyDesk Theft – And Not Get Hit Again by Similar Apps
Written by Hemendra Singh on February 20, 2019
Are you a frequent user of payment wallets or UPIs for online payment? Do you grant permission to different apps to access your information like contact details, media, location, etc.? If Yes! Then, you need to be extreme precautious while downloading any random applications. In a recent alert release by Reserve Bank of India (RBI) regarding a fraud application, AnyDesk. In the release, RBI alerts the banks about the potential digital banking fraud.
What AnyDesk is all about?
AnyDesk is a software application used for remotely controlling and maintaining the computer. Sitting at office accessing home desktop becomes easy when you download this application. However, due to the lack of proper security measures, this application has become a gateway to your bank balance for the scammers and hackers.
AnyDesk is a software that is used to connect two different workstations remotely. Once the perk of this software is now a big threat to digital payment systems. Let’s see how it is causing a threat to your bank accounts and private information.
How Scammers or Hackers Sneaks to Your Mobile via AnyDesk App
Whenever we install an application, it asks us a couple of permissions through screen pop-ups. Sometimes, these permissions are simple like “XYZ app wants to access your location” or “XYZ app want to access your Contact Details”. Many times we just click ‘Ok’ without much investigating the need to grant them permission.
However, we don’t know the back-end of the application. How secure it is for protecting our information? Thus, we are not on the driving side but on the driven side. Hence, the only option to leverage the benefits of the particular application, we grant them permission.
Thus, it becomes the sole responsibility of the app development company to implement meticulous app security measures into the application. In this case, AnyDesk application failed to provide proper security to its users.
Let’s take a look at how do these hackers took advantage of this application to fill up their pocket with your money. The modus operandi of this app is simple.
- First, fraudster asks the user to download the application.
- Once installed, a 9 digit code is received on the user’s mobile that is accessed by the fraudster by inserting that code in his device.
- A couple of permission request will be sent to the user or victim’s phone like any other common application asks.
- And when your grant permission to these requests, you’re device is practically in control of the fraudster. Now, whenever you make transactions, OTPs or bank details are shared by the scammers.
In a few simple steps, you fall for such a lame scam and lose your money and most importantly your privacy. As the scammer can easily perform transactions from your account from any devices without your knowledge. Through UPI, Payment wallets and other digital wallets, the scammer can make transactions. Hence your bank accounts highly vulnerable to become empty. Thus, RBI alerted people and asked banks to spread awareness about such insecure applications.
Measures to Take by Users to Prevent any Privacy Breach
- Always read the terms and conditions of the applications.
- Download authentic applications that are verified by your banks.
- Avoid downloading financial apps from social media or open source.
- Before giving permissions to applications learn the need of giving them such permits.
Measures to take by Mobile App Development Companies to Secure Applications
The reason for any breach in the security occurs due to the lack of strengthening coding by the app developers. With a loophole in the development cycle, can cause a threat to the users of the applications. As private information is at the stake, mobile app development companies need to implement the proven techniques to restore the security of the apps.
Here are key measures for mobile app developers to consider while developing applications.
1. Develop Secure Coding
Developing a weak code is the same as using a rusted lock to close your house door. This can be later become a gateway for scammers and hackers to attack your applications. Design a robust app with high security. Make sure your code cannot be reverse engineered however, it is easy to update in the future.
2. Implementing Authorized APIs
APIs should be authorized centrally for exceeding the security levels. The APIs which aren’t verified creates a loophole for the hackers. Thus, only authorized APIs will help you to reduce the possibilities of security fissure.
3. Data Encryption
Every bit of data must be encrypted to securely share over the application. Encryption transforms your data into a secure code that can only be read at the receiver end through a decryption key. Thus, even there is a breach in the data, it will be tough to acquire the original data.
4. Use Two-Level Authentication
If you use simpler or vague password protection, then it is easier for hackers to steal the information. On the other hand, many app development companies when design the applications make sure to implement two-level security protection. This helps users to get a more authenticate way to secure their personal data.
At the developers’ end, they can mandate the implementation of a bold alphanumeric password to be inserted by the users.
5. Implement Cryptography Tools
Coding meticulously is a must but then storing them on a local container will vanish the entire efforts. Thus, use authentic cryptographic tools and protocols like SHA1, MD5 and trusted APIs like 265-bit AES.
Remember having a trusted well-structured encryption code is a must in today’s tech-based industries to protect highly sensitive data.
In addition to the above-mentioned measures for developers, to have a stable and secure network connection on the back-end is equally important. Today most of the data is stored on the cloud server, hence having a tight security API becomes a must for companies.
Friendly Advice for Users
- Never share your OTP or Bank Details to anyone and especially over social media.
- Frequently change your passwords.
- Make sure you use https website version
- Only use your personal device to make online payments.
- Never use public Wi-Fi as they are not a secure medium.
With the increase in the number of online ransomware attacks and hacks of digital wallets, users are getting anxious for using such platforms. Before encouraging the users to use online platforms to buy or sell things or make online payments, it becomes the sole responsibility of mobile app developers to design secure platforms.
Although, creating an app with perfect security measures is possible but it is advisable to users to keep track of the unusual account activities and be alert of any fraud. If you find any malicious activities then report to the cybercrime.
My name is Hemendra Singh. I am Managing Director and co-founder of The NineHertz, a Mobile App Development Company. I am having a keen interest in the latest trends and technologies that are emerging in different domains. Being an entrepreneur in the field of IT sector, it becomes my responsibility to aid my audience with the knowledge of latest trends in the market.