Viruses and “Trojans” on smartphones are a fairly common phenomenon. They can end up on a phone not only through the fault of a user who likes to “wander” around dangerous sites and load everything onto the phone from unknown sources. An antivirus can detect suspicious programs and identify them as malicious even on a new, just-bought phone. And while it can find something, it cannot always remove it.
The unfortunate consequence of these “finds” is the threat of saying goodbye to the funds in one’s bank accounts. If the device is infected, then when the client attempts to log into their personal account the banking antivirus issues a warning: the phone is infected with a virus that needs to be deleted. But sometimes the virus is hidden so cleverly that it can be removed only together with the system settings, turning the phone into a “brick”.
What is the probability that such a virus or “Trojan” will really steal all the money from the accounts and credit cards? What should the bank’s customer do, and who in this case will face the gloomy prospect of compensating (in the case of credit cards) the possible damage?
A similar story happened to Elena, a Muscovite. The banking antivirus on her mobile issued a warning about the presence of a virus that was impossible to remove. “The bank’s employees, in agreement with me, promptly blocked my credit cards and deleted the user’s personal account with all the data, because it was not clear how deeply the virus had managed to infiltrate and with what consequences for my accounts. Now, to unlock a card, I have to call the bank every time, and then block it again. The bank advises reissuing all the cards,” says Elena.
Buying a new phone led nowhere. “I bought a new smartphone in a store, by reservation, not “with it”, in order to download the bank’s program onto it, but the new phone, which was delivered to me sealed, already had three new problems! And they were also unremovable. One of them, factory settings, was artlessly labeled as a “Trojan”. Or rather, Android/Trojan.Agent.gx. As the service center stated, the antivirus can “swear” at the Android operating system itself, which is “basically nothing”, seeing it as a virus. They are ready to reflash the phone there, but do not guarantee that this will solve the problem. So should I put a banking application on a new phone with a “Trojan”, risking losing all the money from my accounts and credit cards and then paying it all back to the bank because my money was stolen by a “Trojan”? And where is the guarantee that the same problem will not be found in another new phone, and you can change them endlessly?” she says.
It turns out that Russians are being sold smartphones with built-in suspicious or malicious (as antivirus identifies them) programs whose purpose is completely unclear to the average user without hacking skills. What a “Trojan” will do at any given hour, whether it uploads personal pictures to the network, disables important programs or zeroes out the bank account, is impossible to predict. Antivirus software, as noted above, cannot solve the problem, leaving customers to deal with this bouquet of joys, bought with their own money, on their own.
The rescue of drowning
The theft of money from accounts by various malware is a serious problem, says Alexey Lukatsky, an information security expert at Cisco Systems. It does not matter whether someone has an expensive smartphone or a cheap one: the problem may affect any owner of an Android device.
“There are a lot of these cases. It all depends on the bank and its application, and the security mechanisms it implements. Moreover, 99% of all malicious programs for banking applications are written for Android. A virus can quite easily intercept one-time passwords sent via SMS, expose them and transfer money. That is how banking Trojans act. So now, with the assistance of the Central Bank, new rules are being introduced that banks must observe in implementing new mechanisms to protect mobile users,” said the expert.
In particular, this means a gradual move away from SMS toward push technology or electronic signatures, the use of special tokens or cards with one-time passwords, and other anti-fraud technologies on the bank’s side, says Lukatsky. “This is the tracking of non-routine transactions and certain other events, which few people advertise. They aim to identify the distinctive features of malware or hackers,” says the interlocutor of “WORLD 24”.
On the other hand, the presence of a “Trojan” on a smartphone does not always mean that its purpose is to steal other people’s money. “Too often manufacturers, especially Chinese ones, install a program to track user behavior in order to sell this information to advertisers, who will produce more targeted, contextual advertising,” says Lukatsky.
Is this legal? It is difficult to imagine that, when undergoing mandatory certification in Russia, which officially confirms that a product complies with the norms and standards of the Russian Federation, a manufacturer declares that it intends to sell phones with a “Trojan” to collect advertising information.
“They don’t call it a “Trojan”; it is a program for the analysis of user behavior, which, in essence, is what any browser and website does. If I call it a program to collect user information, no one will pay attention to it. But all this, at the very least, violates the law on personal data, and is therefore illegal,” said the expert.
How can a regular user who sees an antivirus notification about a virus or “Trojan” distinguish a relatively harmless object from one that can really empty a bank account? And, most importantly, why should ordinary people have to delve into all this?
“Unfortunately, in this case, the rescue of the drowning is the handiwork of the drowning themselves. Users must ensure their safety themselves. Nobody will solve this problem for them, never planned to solve it and shouldn’t. An antivirus will reduce the risk of infecting a smartphone with malware, but will not reduce it to zero. You also need to regularly update the smartphone’s firmware and the installed software,” said the interlocutor of “WORLD 24”.
In the case of Android, you also need to keep track of what rights the apps installed on the smartphone have been granted. “Very often applications request excessive rights because they contain additional functionality that should not be there. For example, some weather app requests access to your contact information and address book. This is nonsense. So the user should carefully assess why a particular application needs access to mail, the address book or other information,” said the expert.
Evgeny Lifshitz, head of the Agency of cyber security and a member of the expert council of the State Duma Committee on information policy, information technologies and communications, for his part, considers that in this case unscrupulous smartphone manufacturers are primarily to blame.
“First, the producers purposefully build in some NDV, undocumented features of the device, as they are called in the law-enforcement agencies, and secondly, they do not properly look after the safety of their devices. Both are a big problem,” said the expert.
Using NDV, manufacturers collect information both for advertising and for their own databases for further analysis, Lifshitz agrees with his colleague. In principle, there would seem to be no particular crime in that: by figuring out how many times the user charges the smartphone or how many photos they take, the manufacturer is trying to understand how to improve its devices in the future and what to focus on, a long-lasting battery or a new camera. If an outright “Trojan horse” is built into the smartphone, it also collects and transmits some data. But which data, the user will never know, because the user does not have this program’s firmware.
“The point is not the inherent harmfulness of this “Trojan”, but that some user data is being transferred somewhere,” says Lifshitz. But an antivirus, checking such software against its data, can recognize it as malicious. In any case, if the banking antivirus “swears” at some application, it is easier to believe the antivirus and block the cards than to work out whether the “Trojan” you have is a “good” one or not.
In addition, according to Lifshitz, “there are varieties of really dangerous “Trojans” that record everything you have on the screen, everything you click, everything you write in SMS”.
“Such keyloggers are needed first of all by those who are going to steal your bank accounts and data. They record all actions with the phone and can completely seize control of it,” said the expert. There is a huge number of these keyloggers (which, incidentally, can easily be downloaded on the Internet), several hundred. Again, which one got into a citizen’s phone, and what that means, may turn out, alas, only after the fact, when it’s too late.
Apple, according to Alexey Lukatsky, is protected more reliably. “Stories with a built-in virus have not occurred there even once and probably will not in the foreseeable future. There is a more stringent selection of programs. Apart from Apple, no one makes smartphones on iOS. And on Android there are several thousand manufacturers. So really, this orgy leads to the installation of malware very often,” he explains.
At the same time, if you read the instructions for some smartphones on the Android platform, it turns out they contain plenty of funny things.
“The device can contain data, including applications and software provided by third parties for use in the device (“Applications by third parties”). All third-party applications in this device are provided “as is” without warranty of any kind, express or implied, including product guarantees,” the document says.
What follows is quite remarkable: “The manufacturer is not responsible for claims, lawsuits or any other actions arising out of the use or attempted use of third-party entities. The presence of applications may vary depending on the country where you use the device. In any cases the manufacturer shall not be liable to the purchaser for the available applications and software of this device, the absence of one or more applications, and any consequences that may arise after the removal of these applications.”
Simply put, the phone can contain anything, with any consequences for the buyer, but the manufacturer bears no responsibility for it “in any cases”, period.
Anti-virus: friend or foe?
An antivirus sometimes cannot cope with an infection because the manufacturer registers the program in the operating system as a system service. Without root access the antivirus cannot do anything, but should it be given such access?
“There is a theory according to which antivirus manufacturers themselves make and produce these viruses, because for them it is the best marketing and sales channel. And I’m ready to discuss this theory. History knows cases when the antivirus database entry appeared in the antivirus before the virus itself appeared in the system. Any antivirus, by its functions, is also a “Trojan” and has more access to you and your bank data than most “Trojans”. If an “unfair” antivirus or an employee of an antivirus company wants to empty your bank account, it will do so much faster than a virus,” says Lifshitz.
By the way, this is why many people use push-button phones. “From the moment you go onto the global network, you are vulnerable. Only by possessing special knowledge can you somehow protect yourself. So the majority of citizens are very vulnerable. But if we are talking about money, it is the bank that should think first and foremost about the protection and security of its customers. And it needs to publish recommendations on which smartphones a banking application can be installed on and which it cannot. From the point of view of legal casuistry, if credit cards are zeroed out by a virus, the client may also be made to pay, although taking care of the accounts is the prerogative of the bank. And if money has disappeared from the client’s account, the bank needs to understand why this happened. For the bank, it is fraught with a great loss of reputation. The victim should contact the bank, not go to the police with a statement about the maker of the virus. The police would send them away with that,” said Lifshitz.
Lukatsky, for his part, says that antiviruses are still not as terrible as their “opponents”.
“There is a famous myth that antivirus companies write viruses, but it is not a proven fact. They have no lack of work. And an antivirus often needs extended rights in order to be able to look deeper and disinfect the device of malicious programs. Therefore, it is an inevitable evil,” he believes.
In turn, Kaspersky Lab assured “WORLD 24” that the allegation that antivirus companies write viruses is a myth that has no historical or any other basis. “We are not engaged in writing and distributing malware. It’s like asking a firefighter: do you ever set houses on fire? This is not only contrary to professional ethics and criminally punishable, but, most importantly, there is no point: every day Kaspersky Lab handles more than 380,000 samples of new malware that are created by virus writers. For them this is a very profitable business,” the company said.
In addition, as Kaspersky Lab explained, if it were doing something like that and word got out to competitors and the media (as it surely would), the reputational damage would be irreparable. “Part of the task of malware research is attribution, that is, an attempt to determine on various grounds who wrote the malicious code. Often this can be done with quite high accuracy. Secondly, our company has no need to write malware itself to increase the demand for antivirus: there is enough malware that people need protection from. The company employs about 4,000 people, and all of them have something to do without writing viruses. We proudly declare that we are trying to save the world, and the writing of malware does not fit into this mission,” the company emphasized.
What happens in that sense, my colleagues in the “virus” did not comment.
However, there is another problem to which Alexey Lukatsky draws attention. Antiviruses and other programs may be “infected” even when downloaded from trusted sources.
“The probability of this, compared with the probability of infection of some other programs, is not very high, though it is impossible to exclude it completely, especially if your antivirus program is downloaded from a free site where you are offered free treatment for viruses. There is malware that is disguised as antivirus. By the way, there may be quite a lot of malware on Google Play. Google monitors the quality and security of what is published on Google Play much less closely, unlike, again, Apple. Of course, Google is making efforts to clean it up, but the concept there was different from the start: openness. Therefore, anyone can upload anything. These programs are identified and then removed only after the fact, but during that time hundreds of thousands of users can download them. And Google has a huge number of such cases,” says Lukatsky.
Google explained to “MIR 24” that the data security of all Google Play users is the company’s first priority. “Each application submitted to the platform is thoroughly tested and will be blocked if it violates Google’s rules (in 2018, the number of rejected requests to upload applications to Google Play increased by 55% compared to 2017). But even after that, our system daily scans all apps installed on Android devices and notifies users if any of them carries even a minimal threat to data security,” the company noted.
Robbed: what to do?
In any case, if money has nevertheless gone missing from the account through the fault of a Trojan horse or virus, there is a set of emergency measures.
“It all depends on what is written in the contract between the customer and the bank. The most important thing is to quickly report the unauthorized debits, notifications about which should arrive by text message. The client should immediately write a letter to the bank so that it can stop the payment. The payment is still not instantaneous. And follow the instructions of the bank’s security service prepared for this occasion. If the client delays for even a day, the money can leave the bank account, and in the best case its crediting to the scammers’ account can be stopped, but it will be possible to return it only by court order. But this would require a criminal case. Therefore, the client needs to act with maximum speed and state that they did not carry out such operations. Then you can try to stop the payment. However, this does not guarantee that the client will not be found at fault in the theft of funds: if they did not comply with the security guidelines prepared by the bank, it will be the customer’s negligence and fault,” says Alexey Lukatsky.
The statement will have to be made in writing: a simple call to the bank will not be enough. There will be little time to prevent the unauthorized payment, a few hours.
“The bank must have a written statement to suspend operations on the account. This is not a whim of the bank but a requirement of the law, since a scammer may also call on behalf of a client. Faking a phone number today is not difficult, and the bank is hedging itself in this respect. If it suspends the account unlawfully, without the owner, punishment by the regulator may follow. Therefore, there must be a written statement. As for the timing, there are probably no common rules. If a person was asleep and the money was sent while they slept, it all depends on where they were relative to the bank. If in the same time zone, it is not so critical: at night many payments are not processed, they take place at very specific time intervals. But if the person was on vacation in another time zone and was sleeping at the time when their Moscow bank was carrying out its main operations, it may be too late. If more than a day has passed, the probability of suspending the payment and returning the money is very small,” said the interlocutor of “WORLD 24”.
That is, it is optimal to act within the first 2-3 hours.
According to Evgeny Lifshitz, in the case of theft of funds from accounts by a “Trojan” or a virus, you can try to sue the manufacturer, even if it is located somewhere in China.
“All these devices are certified for compliance with Russian standards, and if the device has malware and a certificate was issued for it, the law has been violated. A lawsuit against the manufacturer can be filed on the basis that it received a license for a secure device and sells it with known malware. It turns out that the device was certified with a single hardware and hardware-software complex, but in fact more is delivered, and this is a severe violation. The manufacturer faces a serious trial. But to understand the real prospects of litigation of this kind, somebody needs to start and set a precedent. Why not?” the analyst notes.
For his part, Alexey Lukatsky does not believe in the success of this enterprise.
“Theoretically, this is always possible, but in practice it is never done. Any product, especially in the field of information technology, is usually sold “as is”. You buy it and use it at your own risk. Claims after the sale are usually not accepted, this kind of equipment cannot be returned, and claims are usually quite difficult. Does it work? It works. And proving the existence of a “Trojan”, or that it was included by the manufacturer and not somewhere along the way or in the shop where the phone was purchased, is very difficult,” said the interlocutor of “WORLD 24”.
But is there a way to protect oneself strategically from all possible risks? Or should one really think about going back to a push-button phone and removing banking applications?
“At the very least, you need to think about what security mechanisms the bank offers to protect your money. Secondly, most banks now, at the regulator’s demand, provide the ability to impose certain restrictions on operations carried out via the Internet, cards, mobile apps, etc. For example, you can set a limit on the amount per day, above which withdrawal will be impossible, or create a “white list” of recipients to whom funds can be transferred without your knowledge. Other transfers will require confirmation, including a voice call from bank employees. There are different schemes that do not allow attackers to steal all the money from the accounts. Maybe not all of it, but only a very small amount,” concluded Lukatsky.