Software:AnyDesk

From HandWiki
AnyDesk
AnyDesk-logo.svg
Developer(s)AnyDesk Software GmbH, Germany
Operating systemWindows, macOS, Linux, Android, iOS, FreeBSD, Raspberry Pi
TypeRemote desktop software, Remote administration, Remote support
LicenseProprietary software
Websiteanydesk.com

AnyDesk is a remote desktop application distributed by AnyDesk Software GmbH. The proprietary software program provides platform independent remote access to personal computers and other devices running the host application.[1] It offers remote control, file transfer, and VPN functionality.

Company

AnyDesk Software GmbH was founded in 2014 in Stuttgart, Germany and has gone worldwide, with subsidiaries in the United States and China .[2]

In May 2018, AnyDesk secured 6.5 million Euros of funding in a Series A round led by EQT Ventures.[3][4] Another round of investment in January 2020 brings AnyDesk to over 20 million Dollars of combined funding.[5]

Software

AnyDesk uses a proprietary video codec "DeskRT" that is designed to allow users to experience higher-quality video and sound transmission while reducing the transmitted amount of data to the minimum.[3]

With its three megabyte total program size, AnyDesk is noted as an especially lightweight application.

Features

Availability of features is dependent upon the license of the individual user. Some main features include:[6]

  • Remote access for multiple platforms (Windows, Linux, macOS, iOS, Android, etc.)
  • File transfer and manager
  • Remote Print
  • VPN
  • Unattended access
  • Whiteboard
  • Auto-Discovery (automatic analysis of local network)
  • Chat-Function
  • REST-API
  • Custom-Clients
  • Session protocol
  • Two-Factor-Authentication
  • Individual host-server

Security

AnyDesk uses TLS-1.2 with authenticated encryption. Every connection between AnyDesk-Clients is secured with AES-256. When a direct network connection can be established, the session is endpoint encrypted and its data is not routed through AnyDesk servers.[7] Additionally, whitelisting of incoming connections is possible.[8]

Abuses

AnyDesk can be optionally installed on computers and smartphones with full administrative permissions, if the user chooses to do so.[9] It therefore should, like all remote desktop applications, be used with caution as it may result in a remote full access to the device via the internet.

Mobile access fraud

In February 2019, Reserve Bank of India warned of an emerging digital banking fraud, explicitly mentioning AnyDesk as the attack channel.[10] The general scam procedure is as follows: fraudsters get victims to download AnyDesk from the Google Play Store on their mobile phone, usually by mimicking the customer service of legitimate companies. Then, the scammers convince the victim to provide the nine-digit access code and to grant certain permissions.[11] After permissions are obtained and if no other security measures are in place, the scammers usually transfer money using the Indian Unified Payment Interface.[12] A similar scam took place in 2020 according to Kashmir Cyber police.[13]

Bundling with ransomware

In May 2018, the Japanese cybersecurity firm Trend Micro discovered that cybercriminals bundled a new ransomware variant with AnyDesk, possibly as an evasion tactic masking the true purpose of the ransomware while it performs its encryption routine.[14][15]

Technical support scams

Main page: Social:Technical support scam

Scammers have been known to use AnyDesk and similar remote desktop software to obtain full access to the victims' computer by impersonating a technical support person.[16][17][18] The victim is asked to download and install AnyDesk and provide the attackers with access. When access is obtained, the attackers can control the computer and move personal files and sensitive data.

In 2017, the UK based ISP TalkTalk banned Teamviewer and similar software from all its networks after scammers cold called victims and talked them into giving access to their computer. The software was removed from the blacklist after setting up a scam warning.[19]

See also

References

  1. "Innovative and Reliable: Our Features" (in en). https://anydesk.com/en/features. 
  2. "AnyDesk verspricht PC-Fernsteuerung in Echtzeit" (in de). https://www.deutsche-startups.de/2014/07/16/anydesk-verspricht-pc-fernsteuerung-echtzeit. 
  3. 3.0 3.1 "AnyDesk scores €6.5M for its remote desktop software – TechCrunch" (in en-US). https://techcrunch.com/2018/05/14/anydesk/. 
  4. "EQT Ventures' investment in AnyDesk" (in en). https://eqtventures.com/article/eqt-ventures-investment-in-anydesk/. 
  5. Partners 2020 (https://www.insightpartners.com/),+Insight+(2020-01-22).+"Global Software Innovator, AnyDesk, Launches Expansion with Leading Growth Equity Investor, Insight Partners | News & Press" (in en-US). https://www.insightpartners.com/about-us/news-press/global-software-innovator-anydesk-launches-expansion-with-leading-growth-equity-investor-insight-partners/. 
  6. "Category:Features - AnyDesk Help Center". https://support.anydesk.com/Category:Features. 
  7. "Security - AnyDesk Help Center" (in en). https://support.anydesk.com/Security. 
  8. "Access and Session Requests - AnyDesk Help Center". https://support.anydesk.com/Access_and_Session_Requests. 
  9. "Administrator Privileges and Elevation (UAC) - AnyDesk Help Center" (in en). https://support.anydesk.com/Administrator_Privileges_and_Elevation_(UAC). 
  10. KVN, Rohit (2019-02-18). "RBI malware warning: Refrain from installing 'AnyDesk' mobile app or else risk losing bank balance" (in en). https://www.ibtimes.co.in/rbi-malware-warning-refrain-installing-anydesk-mobile-app-else-risk-losing-bank-balance-792170. 
  11. "RBI AnyDesk Warning: This app can steal all money from your bank account, never download" (in en). 2019-02-17. https://www.zeebiz.com/india/news-rbi-anydesk-app-warning-against-fraud-upi-payments-do-this-to-save-money-86274. 
  12. "RBI Cautions Against Fraudulent Transactions On UPI Platform". https://www.bloombergquint.com/business/rbi-cautions-against-fraudulent-transactions-on-upi-platform. 
  13. "Cyber Police Kashmir unearths 'AnyDesk' online fraud" (in en). https://www.daijiworld.com/news/newsDisplay.aspx?newsID=734885. 
  14. "Legitimate Application AnyDesk Bundled with New Ransomware Variant - TrendLabs Security Intelligence Blog" (in en-US). 2018-05-01. https://blog.trendmicro.com/trendlabs-security-intelligence/legitimate-application-anydesk-bundled-with-new-ransomware-variant/. 
  15. "WanaCrypt Ransomware – 202 N Van Buren Rd Ste E Eden, NC 27288" (in en-US). http://www.microsupportsystems.com/index.php/2017/05/15/wanacrypt-ransomware/. 
  16. "As social engineering activities increase buyer beware of tech support scams" (in en-US). http://www.verizonenterprise.com/verizon-insights-lab/VES/as-social-engineering-activities-increase-buyer-beware-of-tech-support-scams. 
  17. "How to avoid being a tech support scam victim | thinkbroadband". https://www.thinkbroadband.com/news/7647-how-to-avoid-being-a-tech-support-scam-victim. 
  18. "02085258899 - tech support scam (using anydesk.com, teamviewer.com and supremofree.com)". https://blog.dynamoo.com/2016/12/02085258899-tech-support-scam-using.html. 
  19. "ISP customer data breach could turn into supercharged tech support scams" (in en-US). Naked Security. 2017-03-20. https://nakedsecurity.sophos.com/2017/03/20/isp-customer-data-breach-could-turn-into-supercharged-tech-support-scams/. 

External links