• Commander Mukesh Saini

RBI Alert 1/2019: Remote Access Applications used for Fraud

On 14 Jan 2019, the Cyber Security and IT Examination Cell of the Reserve Bank of India issued Alert No 1/2019 about a new modus operandi for committing fraud on the Digital Payment Ecosystem. The alert was timely, but it needs considerable elaboration. This article attempts to clarify the alert and go a little further.

The fraudster approaches an unsuspecting victim on some pretext, such as winning cashback or rewards on the 1st transaction, or any other bait. The victim is lured into downloading one of the many remote control/access applications for mobile or desktop. The RBI advisory is about “AnyDesk”, but any other remote control application would do the same thing. Once a remote access app is installed, it generates a unique ID that is used to initiate a remote access session. The cybercriminal entices the victim to share this number, which can be of any length (in the case of “AnyDesk” it is 9 digits long). Once the fraudster gets this number, he can remotely control your mobile phone or even your desktop. He may hide or take over control of the Remote Access application so that he retains control over the victim's device for as long as possible.

Once the criminal has remote access, he is as good as you and can do whatever you can do from your device. All security systems, measures and technology will fail. The fraudster can not only steal your money but also access all your photos and social media accounts. Nothing will stay hidden from him.

Some people may wonder why such applications are made, or whether there is a vulnerability in them. These applications are required for remote maintenance and customer support. It is technically called ‘Remote Desktop Protocol’. It empowers an Indian engineer to help a customer anywhere in the world. There is no vulnerability in such applications either. The problem lies in sharing the ‘Session Key’ for remote access. This ‘Session Key’ remains in force until it is refreshed.

Some of the Remote Access Applications are listed below (there are many other such applications):

a. TeamViewer

b. AnyDesk

c. ScreenShare

d. AirDroid

e. RemoDroid

f. Chrome Remote Desktop

g. Air Mirror

h. VNC Viewer

i. Remote PC Viewer

j. Inkwire Screen Share

ACTION POINT: The following action points are recommended for preventing fraud using remote access applications:

a. Do not install Remote Access applications.

b. If installed, do not share the ‘Session Key’ except for a specific task. During the remote access session, keep your device awake and watch with a hawk's eye what the remote user is doing. On completion of the session, or when in doubt, break the session and refresh/change the Session Key. On completion of the task, uninstall the Remote Access application. On a Windows desktop, disable RDP.

c. If you find any of the above-listed applications on your device (and you do not envisage any immediate use for it), UNINSTALL it, unless you are very sure of its need.
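
For a Windows desktop, the checks in action points (b) and (c) can be scripted. The PowerShell below is an added example, not part of the RBI alert: it looks for installed or currently running tools from the list above and reports whether RDP is enabled. The name patterns are assumptions (a tool may register under a different name), and the Android-only apps in the list are left out.

```powershell
# Added example (not from the RBI alert): audit a Windows desktop for the
# remote access tools listed in this article and report whether RDP is enabled.
# Assumption: these name patterns; vendors may register under other names.
$patterns = 'TeamViewer', 'AnyDesk', 'AirDroid', 'Chrome Remote Desktop', 'VNC'

function Test-RemoteToolName([string]$Name) {
    # True when the name contains any pattern (spaces ignored, case-insensitive).
    $flat = $Name -replace '\s', ''
    foreach ($p in $patterns) {
        if ($flat -like "*$($p -replace '\s', '')*") { return $true }
    }
    return $false
}

# Installed software: per-machine (64- and 32-bit) and per-user uninstall keys.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { Test-RemoteToolName $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion, InstallDate

# Portable builds run without an installer, so check live processes as well.
$running = Get-Process |
    Where-Object { Test-RemoteToolName $_.ProcessName } |
    Select-Object ProcessName, Id, Path

# RDP accepts connections when fDenyTSConnections is 0.
$tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpEnabled = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections -eq 0

'Installed remote access tools:'
$installed | Format-Table -AutoSize
'Running remote access tools:'
$running | Format-Table -AutoSize
"RDP enabled: $rdpEnabled"

# To disable RDP, run from an elevated prompt:
# Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
```

An empty result does not prove the device is clean, since a renamed executable will not match these patterns.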
