New Q&A session! Meet the people who developed Chat Protection and ask them anything

Alexandru_BD
Alexandru_BD admin
edited April 2023 in Security Research Team

As you may have already found out, Bitdefender created the first real-time chat protection capabilities for mobile-based instant messaging applications, available to Bitdefender users since November 2022.

Chat Protection is incorporated into Bitdefender Mobile Security for Android through Bitdefender Scam Alert technology, used by consumers worldwide for monitoring, detecting, and stopping link-based attacks delivered via messaging applications, notifications, and SMS text messages. Chat Protection continuously monitors chat sessions alerting users of suspicious links that might attempt to steal financial data, credentials, and other sensitive information.

This protection layer comes as a complementary preventive measure on top of the existing security technologies offered by Bitdefender Mobile Security. It fends off threats on the most-used chat apps: WhatsApp, Facebook Messenger, Discord and Telegram, besides the SMS and notification protection offered by ­Scam Alert. The innovative Chat Protection feature was well received by our users and widely acclaimed by independent antivirus reviews and magazines.

It is my great pleasure and honor to welcome our new guests to the Expert Community, as we dive into the first Q&A session of the year!

Meet the people who developed the Chat Protection project and ask them anything:

Alexandru Marinescu - Manager, Cyber Threat Intelligence Lab

 “I joined Bitdefender during my second year of college. Since then, I've been working on various projects, having my share of both development and Android malware analysis. In my spare time, I enjoy long hikes with friends during summer, skiing steep slopes during winter and jogging all year round.”

Alexandru coordinates technical teams and develops technologies for detecting attacks on mobile devices.

Adrian Gozob - Security Researcher, Cyber Threat Intelligence Lab

“I was fascinated by technology from an early age and soon developed a passion for understanding how computers work, especially the software side. I became a Bitdefender in college and since then I focused on analysing Android malware and developing tools used for detection. My favorite recreational activity is playing and tweaking my guitars.”

Adrian deals mainly with the development of behavioral detection technologies for malware.

Marius Tivadar - Senior Manager, Cyber Threat Intelligence Lab, who coordinates Forensics teams and the Mobile Security division within the Cyber Threat Intelligence Labs department.

Have you got any security questions or concerns? Do you want to find out what are the latest mobile threats? Or the best ways to protect against mobile malware? Curious about how Chat Protection works? Want to know more about the people of Bitdefender?

Here’s your chance to ask, so let the questions flow in the comments below!

Premium Security & Bitdefender Endpoint Security Tools user

Comments

  • fedor
    fedor Defender of the month mod
    edited March 2023

    Hello everyone,

    excuse me because I don’t speak too much English so it’s the translator who does the work.

    already I wanted you to be happy for your quality work.

    I wanted to know:

    -how long did it take you to create chat protection?

    -effectively how does chat protection work?

    -indeed, what are the latest mobile threats?

    -how many years of study to work at bitdefender?

    Best regards

  • Scott
    Scott Defender of the month mod

    Hello :)

    It may not have so much to do with Chat, but what would you not do on a smartphone, but would feel more secure about doing on a more battle-hardened notebook or desktop? Do you think it's safer to do online banking on a phone, or behind Safepay? What about banking apps on our phones? I just get concerned with all that we have and do on our phones, all of the apps etc even our Central app, where if we lost our phones, or were stolen how concerned should we be about what we have on them? Thank goodness for Bitdefender Security where I can wipe the phone from my Central account, is one of the best app I have on my phone (besides its general security protection).

    I know we password protect our phones, and we can enable app locks, but how secure are our phones in general? Again, are there things that concern you that you steer away from using or having on a phone?

    Thank you :)

    All Bitdefender Home Product User Guides:https://www.bitdefender.com/consumer/support/user-guides/

  • agozob
    agozob Team Lead, Cyber Threat Intelligence Lab BD Staff

    Hello, Fedor!


    It is difficult to say how long it took for the development of Chat Protection as a whole, since we are continuously working on improving the feature and it is also linked with other technologies that were created and perfected over the years.


    Chat Protection works by scanning the URLs inside supported applications while you are chatting. This way we protect the users against live phishing attacks. We currently support WhatsApp, Messenger, Telegram and Discord and we are checking for infected URLs not only in the received messages, but we also scan the ones you send. This way we are trying to decrease the propagation of malicious "copypasta" messages by letting the users know if they accidentally sent a dangerous link to someone.


    Based on what we noticed "in the wild", I would say that mobile threats these days are focused on social engineering - they try to lead the users into giving away their data without them noticing, instead of actually stealing the information using complex exploits. Android and iOS came a long way since their first versions and this makes them increasingly more difficult to take advantage of. They both receive regular security updates which fix known exploits and they both have strict limits of what applications can do with the device, even if the user grants them any permission (of course, given the fact that the device is not rooted or jailbroken). However, there are still plenty of cleverly crafted malicious applications targeting mobile platforms. Most of them are sideloaded from third party sources, but every now and then viruses make their way into the official app stores. Besides the Scam Alert and Chat Protection features, Bitdefender Mobile Security has an industry leading app scan engine, so you can rely on it for protection against the latest malware.


    Regarding studies, I would say that skill and passion are more important than professional education for working at Bitdefender. Me and most of my Security Researcher colleagues have a Software Engineering degree but, of course, it depends on the role that you are chasing.


    Thank you and have a great day!

  • agozob
    agozob Team Lead, Cyber Threat Intelligence Lab BD Staff

    Hello, Scott!


    I would say that a smartphone and a desktop or laptop can be just as secure if they are properly setup. Having the Bitdefender Mobile Security and Bitdefender VPN apps on your device will offer you the level of protection needed for safe mobile banking.

    I recommend that you use Safepay on desktop whenever possible since it is a powerful tool, with built-in VPN, screenshot and keystroke protection. However, online transactions can be just as safe on a smartphone. On Android, the OS will not allow taking screenshots or screen recordings in the majority of banking applications and in some browsers (e.g. Google Chrome incognito tabs). Additionally, you can login and authorize payments using biometrics to avoid your keyboard input being somehow read by unauthorized apps.

    Also, you should avoid sideloading any applications. The safest thing, and what I personally do, is to only install applications from official markets and from well known developers.


    What you need to do related to unauthorised physical access to your devices is to make sure that they are encrypted and protected by a strong password. If you do so, chances that someone could access your data in the eventuality that you loose it or it gets stolen are extremely low. I agree that remotely wiping our devices is a great option and gives us peace of mind that whatever personal information we had stored can vanish with a click.


    Thank you for your questions :) Have a good day!

  • agozob
    agozob Team Lead, Cyber Threat Intelligence Lab BD Staff

    Hi, Bradley!


    Bitdefender Chat Protection is a feature that assures our users that they do not get tricked into visiting malicious websites sent in a live chat session in one of the supported apps.


    Every chat application is responsible of properly encrypting the data which they store on the device and send over the internet, including user conversations. Many of the popular and trusted applications that are used nowadays, such as WhatsApp or Telegram, already do so.

    There would be no reason for us or any other security solution to tamper with the locally stored data of chat applications and even if we tried to, the mobile platforms would not allow this.


    If you are concerned about the conversations which are leaving your device over the internet and want an additional layer of security, you should consider using Bitdefender VPN.


    I hope it's all clear now.

    Thanks for commenting, have a good day!

  • Scott
    Scott Defender of the month mod

    Thank you for your thoughtful and helpful reply, Adrian, I appreciate it :)

    Your reply to fedor, was very insightful, too.

    All Bitdefender Home Product User Guides:https://www.bitdefender.com/consumer/support/user-guides/

  • Flexx
    Flexx DEFENDER OF THE YEAR 2023 / DEFENDER OF THE MONTH ✭✭✭✭✭ mod

    @agozob, as checked, the chat protection lacks scanning of links on instagram messages, skype messages, microsoft teams, google meet, and I am talking about the android version of all these applications, any update on this.

    https://www.bitdefender.com/news/bitdefender-launches-industrys-first-chat-protection-feature-for-mobile-based-instant-messaging-applications.html

    Also what I am trying to understand here is the purpose of introduction of chat protection feature because the bms already has the feature of blocking malicious/ phishing websites. So, even if someone will get a link on the currently supported social applications by chat protection and lets suppose the links are malicious, still the link will open in the web browser installed on the respective android devices only and as I already confirmed above the bms already has the feature of blocking malicious/ phishing websites, so what is the need for chat protection then.

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • fedor
    fedor Defender of the month mod

    good evening agozob,

    Thank you for your answers, which taught me a lot about bitdefender.

    If I have other questions, I will certainly ask them.

    good evening.

  • agozob
    agozob Team Lead, Cyber Threat Intelligence Lab BD Staff

    Hello, Flexx!

    I am glad you asked these questions, I think they are very well thought!


    The reason why Chat Protection only works with WhatsApp, Messenger, Discord and Telegram for now is because statistics show us that by only supporting these 4 applications we help BMS users deal with most of the URLs that they receive from chat applications. Supporting such apps is unfortunately not as simple as just "enabling" them by adding their package name to a list. Each one of them requires research and development.

    The infected URLs inside apps which are not supported by Chat Protection will indeed be detected by the Web Protection module if the user attempts to open them in a browser, just like you mentioned.

    We do think about adding Chat Protection support for more apps in the future, but as of now we cannot provide an estimate of when this would happen. In the meantime, please rest assured that we have been focused on technology improvements behind the scenes, which have a greater positive impact on the security of our users.


    There are multiple reasons for which Chat Protection was introduced.

    The first one that comes to mind, and the obvious one, is that it allows us to alert the user before he even has the chance to open an infected link, so the web browser will not even try to load the URL. A second reason would be what I also wrote in my reply to @fedor - it allows us to also scan the URLs that users send to someone, in case they accidentally forward a link to a malicious website.

    There are also some less obvious reasons why we created Chat Protection, one of which you can test yourself. Some of these chat apps, for instance Facebook Messenger, have built-in web browsers which are used by default when opening URLs. These custom web browsers are lightweight and some do not even show the full URL of the web page in the address bar - which makes it impossible for us (i.e. the Web Protection module) to "find out" the address of the opened page in order to scan it. Using Chat Protection paired with Scam Alert (for notification scanning) makes sure that the users won't get to visit those links, not even inside the built-in browsers.

    As a final thought on this I will explain an important advantage of Scam Alert, since Chat Protection is basically a submodule of if and this applies to both of them. Some scam and malware campaigns circulate through certain communication channels. We have seen malware which automatically spreads by sending download links via SMS to the whole contact list. There are certain scams that usually happen in certain chat applications (think WhatsApp). The other day I was reading an article about a newly discovered variant of the Xenomorph banking trojan which was reportedly spread through Discord. You might see where I'm going with this - knowing that "URL X was sent via app Y" is a more powerful information than "URL X was opened in a browser", as it allows for a quicker and more reliable detection of new malicious campaigns.


    I hope my answer makes you understand the importance of Chat Protection.

    Thank you for engaging into conversation and have a nice day!

  • Flexx
    Flexx DEFENDER OF THE YEAR 2023 / DEFENDER OF THE MONTH ✭✭✭✭✭ mod
    edited March 2023

    Thanks for your prompt reply. I certainly find it helpful and I also the other day was reading about this Xenomorph banking trojan. But here is the thing. I know creating or implementing a thing is not easy as it may sound and there are limitations in the applications also.

    But I would love to see bms chat protection cover instagram messages, skype messages, microsoft teams, google meet. Because, if bitdefender is creating something new, then why not include as many as application that can make use of that feature.

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • agozob
    agozob Team Lead, Cyber Threat Intelligence Lab BD Staff

    I agree, it would be great to see support for as many apps as possible in the future. From the list of apps you enumerated, Instagram makes the most sense, since scam campaigns started to rise on the platform, so supporting it would probably be top priority.

    You'll hear from us whenever this would be ready :)

    Again, thanks for your input, know that it has been taken into consideration!

  • Flexx
    Flexx DEFENDER OF THE YEAR 2023 / DEFENDER OF THE MONTH ✭✭✭✭✭ mod

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • @agozob Could it also be added to the Free version of Bitdefender antivirus for Android in the future?

    Nunzio ·

    Bitdefender Plus, Windows 10 Pro-32 Bit, CPU Intel Core2 Duo T7500, RAM 4 Gb - Bitdefender Mobile Security

  • Flexx
    Flexx DEFENDER OF THE YEAR 2023 / DEFENDER OF THE MONTH ✭✭✭✭✭ mod

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • agozob
    agozob Team Lead, Cyber Threat Intelligence Lab BD Staff

    Hello,

    Bitdefender Antivirus Free offers malware protection only and we unfortunately do not have any plans to integrate this feature in the free version. If you want to try out Chat Protection, you can get the paid version of our Android app (Bitdefender Mobile Security) and register for a free 14 days trial.

    Thank you and have a good day!

  • Flexx
    Flexx DEFENDER OF THE YEAR 2023 / DEFENDER OF THE MONTH ✭✭✭✭✭ mod

    @agozob do you only deal with chat feature product development in bms or also other features, since I want to request a feature in bms which was previously (about 2-3 years ago) neglected by your development team. Additionally, do you also deal in creation of malware signature for android malware since your current status on forum shows as Security Researcher, Cyber Threat Intelligence Lab. If you can clarify I have a request to be implemented in both the paid and free version of bms and it is the same feature.

    Reards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • agozob
    agozob Team Lead, Cyber Threat Intelligence Lab BD Staff

    Hi, @Flexx!

    I do deal with both creating Android malware signatures and with the development of multiple detection technologies used in the product.

    Sure, you can leave your feature suggestion here but, for the record, the most I can do is pitch it to my team :)

  • Flexx
    Flexx DEFENDER OF THE YEAR 2023 / DEFENDER OF THE MONTH ✭✭✭✭✭ mod
    edited March 2023

    Okay, so like I did it a year ago by requesting a feature of delete all option in both bms free and paid version.

    Explaining in brief like suppose, bms detects my device is infected with let's say about 20 or more malicious apps which are either installed or in the .apk package form. Now, when bms free or paid version detects all the sample as malicious, it only provides an option to delete the malicious apps or packages one by one. There should be two options available in this case. One where user can either remove the malicious apps or malicious packages one by one and second a delete all option (which by the way all other vendors have) so that on one click all the malicious apps and packages gets deleted.

    Moving furter, like you I am also interested in malware stuffs and I have a collection of more than millions of malicious samples of different OS. Let's assume I have around 50,000 malicious samples of android and I scan it with bms free or paid, and the apps detect only 30,000 samples as malicious, so in order to know which samples were not detected by bms and send it to malware research lab, I need to first remove those 30,000 malicious samples and by current process I only have the option to delete those 30,000 samples and that too only one by one which is like lifting up a mountain. Here is where one click delete option comes into place which will immediately delete all the detected malicious package and malicious apps and then I can send the remaining undetected packages to research team to get them checked and create detection against the malicious packages.

    Now, if I try other way around and send all the 50,000 packages to malware research team and when they will check the same thing on their side and see that from the collection of 50,000 samples, 30,000 are already detected and then check for the other remaining apps for malicious behavior, this will certainly cost them a lot of time, since we know every second a new malicious app is created be it for any OS.

    So, my request to you @agozob is that, to talk to your development team and include a delete all or remove all option in both bms free and paid.

    A normal person can remove around 10-20 apps manually if detected by bms and that too one by one but after that it really becomes a hell lot of work. Bitdefender competitors like eset has the option to delete all the apps in one go which are detected as malicious after a scan, kaspersky and dr.web has the option to delete all the malicious apps at the time of scanning or after the scan is completed and that too in one go.

    So, my only request to the bms developers is to introduce a one click delete all option so that user of bms do not have to remove the detected malicious apps on their devices one by one, it is really a very hectic job.

    One more additional feature that I had a conversation with the developers is to introduce a offline malware database that will store all the signatures on the device itself. Like all your competitor vendors, they store the malware database on the device itself with the option of cloud scanning enabled, bms is totally dependent on could scanning which is not at all a good option

    I have a reason to support my feature, and it is like we both are going on a mountain trip and we both do not have any knowledge about malware and the area where we are going has either limited connectivity or no connectivity of internet at all. I see you are playing a game and I told you to transfer the same game to me through either bluetooth or via wifi direct and the package is malicious. You transferred me the same package via wifi direct or bluetooth and I installed it on my device and bms was unable to detect it because it totally relies on cloud scanning and the area where we are either has limited or no connectivity to internet. Hence, despite having bms my device still got infected and a simple reason being that bms did not had malware databases installed on the device itself.

    So, I would like to conclude by saying that please think and implement this on immediate basis, since both of the option are available with bitdefender competitors.

    1) Introduction of delete/ remove all option if bms finds malicious apps or malicious packages on the device.

    2) Introduction of offline storage of malware database on the device.

    I know, in today's' world we are finding new ways to improve the existing technology, but sometimes we have to be old school and there is no problem in being old school, because there are situations where being old school has more benefits than improving the use of current technology. I hope I was able to explain the introduction of these two options.

    If bitdefender competitors can have both of these options, why can't bitdefender, it's not like that bitdefender competitors do not rely on new technologies but they have figured out a way on how to mix up the old school technology with the current newly improved technology. They also have people who are technology oriented and know each and everything about current technology.

    Believe me, I am waiting to see these two things implemented in both bms free and paid version for over years now. Another example, I teamed up with one more member on this forum @Gauthey and we tried everything possible in our hand to bring back the widget in bitdefender for windows which was removed in between if you can recall, the fellow forum member also created website to force bitdefender in bringing back the widget back for windows and there were ten hundreds to thousands supporters who wanted the widget back badly and bitdefender had to re work on it and they finally brought back the widget within a year.

    I am looking forward for the introduction of the above two stated features in both bms free and paid and I guess this should not be hard for bitdefender to implement. Please get in touch with your respective department and update me on the same.

    Reards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • agozob
    agozob Team Lead, Cyber Threat Intelligence Lab BD Staff

    Hello @Flexx,

    Sorry for the late answer, I had a very busy week.

    I can see how these features would help you in the given scenarios, but keep in mind that they are some quite rare use cases and only a few people would benefit from implementing them. I will send your request through, but that's most I can do, I couldn't tell you if or when they would be done.

    My input about the "uninstall all" button is that it would still require a pretty laborious job given your scenario. The process cannot be fully automated and you would still need to tap "uninstall" inside a system prompt for each one of the thousands of APKs.

    Regarding the offline malware database, the implementation would not be simple at all and it would not be as useful as one might think. Our cloud based detection uses many technologies including machine learning models. Making an offline malware database would not only mean that it would not be as great at detecting the latest threats, but it would also take up device storage and would require additional computational power on the devices of our users, which would be a downside for many people. Also, if you were to get infected in a no-signal area, the malware would be identified as soon as you were be back online and chances are that advanced viruses wouldn't even have enough time to activate their malicious behaviour.

    Thank you for your input!

  • Flexx
    Flexx DEFENDER OF THE YEAR 2023 / DEFENDER OF THE MONTH ✭✭✭✭✭ mod
    edited March 2023

    Thank you for your prompt reply @agozob .I would also prefer you to still discuss this with your development team.

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • HI,

    i ask both developers if it would be possible to change the icon of the free version of BDM.

    Perhaps it would be nicer to always have an icon with a "B" possibly a little different from that of the paid version so as to make users understand at a glance that it is always a Bitdefender product and therefore a guarantee of security . So in my opinion it could be mistaken for the many free AVs that are in the Play Store and many of low quality.

    What do you think?

    Thank you! 😀

    Nunzio ·

    Bitdefender Plus, Windows 10 Pro-32 Bit, CPU Intel Core2 Duo T7500, RAM 4 Gb - Bitdefender Mobile Security

  • Hi @agozob,

    I suggest an improvement regarding the automatic start settings of the Free version of BDM. 🙂

    Unlike some apps, in BDM Free for some (and perhaps many of the latest generation) to ensure that BDM Free starts automatically every time you turn on your smartphone, you need to set the automatic start setting in the app settings. If this is not done after installing BDM Free when you turn on your smartphone it will not start until you open it from the icon.

    So if an inexperienced user does not know how to make this change in the app settings, surely not seeing that BDM Free starts, he will uninstall it.

    So in my opinion it is useful that this setting is set automatically when installing BDM Free.

    😉

    Nunzio ·

    Bitdefender Plus, Windows 10 Pro-32 Bit, CPU Intel Core2 Duo T7500, RAM 4 Gb - Bitdefender Mobile Security

  • agozob
    agozob Team Lead, Cyber Threat Intelligence Lab BD Staff

    Hello, @Nunzio77!

    Thank you for your suggestions!

    The automatic start setting seems like a good idea. It does look like it's a relatively new OS feature and I think it was only implemented by some phone manufacturers. I thing it's worth looking into this.

    I see your point about the icon of the Bitdefender Free application but I cannot tell you whether it would change. I personally like it the way it is and I think the color scheme is recognisable enough :)

    Have a good day!

  • Thanks @agozob for the attention. 🙂

    @agozob in Bitdeefender Home is it possible to optimize the "Bitdefender updater downloader" process and subsequently the "Bitdefender Test Engine" process?

    Because they use a lot of hard disk resources for many minutes, around 5 minutes each time the PC is started and each time Bitdefender is updated (see image). Obviously this is especially noticeable for older generation PCs.

    It would be important to at least reduce execution times by making them faster.

    Thanks! 😉

    Nunzio ·

    Bitdefender Plus, Windows 10 Pro-32 Bit, CPU Intel Core2 Duo T7500, RAM 4 Gb - Bitdefender Mobile Security

  • agozob
    agozob Team Lead, Cyber Threat Intelligence Lab BD Staff

    No problem, @Nunzio77.

    Since my activity is focused on Android research and development, I can unfortunately only answer questions about our Android applications.

    Thank you!

  • Ah ok then I'll open a specific post in the community. Thanks! 😉

    Nunzio ·

    Bitdefender Plus, Windows 10 Pro-32 Bit, CPU Intel Core2 Duo T7500, RAM 4 Gb - Bitdefender Mobile Security

  • This Q&A session has now ended.

    Thank you everyone for your active participation and questions! Special thanks to our developers for bringing their expertise and insights around the table, engaging in such fruitful, constructive and open exchanges throughout the session.

    Stay safe everyone and I'll see you at the next one! 👋😊

    Premium Security & Bitdefender Endpoint Security Tools user

This discussion has been closed.