Dismissing the claims that there is something wrong with 'AnyDesk', company's COO Oldrich Muller said that fraudsters were able to use the app only because users granted them access to their device. "It had been brought to the RBI’s attention that fraudsters were using remote desktop applications, such as (but not limited to) AnyDesk, to take remote access of a user’s mobile device and carry out transactions. Such fraud is only possible if the user grants someone access to their device and any such transactions are not due to an issue with AnyDesk’s application," he told Zee Business Online, in an exclusive conversation. 

COMMERCIAL BREAK
SCROLL TO CONTINUE READING

On 14 February this year, the Reserve Bank of India (RBI) had alerted banks about potential fraudulent transactions on the unified payments interface (UPI) platform. In a notice, RBI said that a mobile app named "AnyDesk" was being allegedly used to target the mobile phones of customers. The alert was issued by the RBI's cybersecurity and IT examination cell. 

The notice added that once the app is downloaded, it seeks permission to access control of the phone like other applications. But, when the access is granted, it steals confidential data on the phone to carry out fraudulent transactions through other payment apps available on the phone. 

Later, NPCI too mentioned the app in one of its notices, saying, "Fraudster would lure the victim on some pretext to download an app called ‘AnyDesk’ from Playstore or Appstore."

But, Muller claims that the App is totally secure and uses banking-standard TLS 1.2 technology to protect users’ computers, as well as RSA 2048 asymmetric key exchange encryption to verify every connection. He said that the technology is trusted by millions of people and 15,000 companies in 165 countries. 

"The type of scam the RBI refers to is a result of fraudsters gaining the trust of users and convincing them to share their access codes. Users need to be very vigilant and treat their access codes in the same way they do their personal data and possessions. Before you share these codes with anyone, consider very carefully who you are giving the information to. This type of fraud isn’t new and criminals are always looking for new methods. Users need to be very careful," he said. 

Muller said that the company is concerned that users have been victims of this kind of criminal activity but cited the RBI statement to point out that users need to be increasingly vigilant about the kind of data they are sharing. "This isn’t a warning about using remote desktop services, such as AnyDesk, but the fact that users should not be lured into sharing access codes with people they don’t know," he said.

He said that the scam was only possible as the scammer was able to convince users to share their access code which is similar to if user shares their banking login details over email or a telephone call. 

To ensure that such incidents don't happen in future, AnyDesk would continuously remind its users that they should only share access codes with people known to them. Muller said that such information should be guarded in the same way you would guard your bank details and key codes for your property. 

Watch this Zee Business video -

"The scam incidents flagged by the RBI aren’t due to a flaw in AnyDesk’s technology  - or other remote desktop applications - but the fact that users have been convinced to share information with strangers. A security message for users will be displayed, explaining what to look for to ensure a fully-secure remote session and reminding them not to share personal access codes with strangers," he added. 

Muller hoped that RBI and the government too provides additional education that ensures users are not lured into such scams.

"Any additional education around information sharing and exercising extreme caution when imparting access codes will help ensure that users aren’t lured into scams," Muller concluded.