Hacked by charging cable: a myth
Connected to Danger: Mobile phone chargers have recently become a topic of debate as people worry that their mobile phones could be hacked through charging cables.
Social media was in an uproar after a man posted on his Facebook that 101,560 baht had disappeared from his bank account while he was charging his phone at a public charging station.
As the man insisted that he never downloaded unknown apps or clicked on any suspicious links, netizens began to suspect that the charging cable was tampered with to steal data from his device.
One theory was that the charging cable was rigged and when connected to your phone, it allowed hackers to take control of your phone and transfer money from your account.
This caused widespread concern, if not panic. Many said they would now use their own charging cables, and some even considered removing their mobile banking apps.
The incident was investigated and the facts were finally established. The culprit was not the charging cable, but a fake dating app called “Sweet Meet” that the man had installed on his phone.
The revelation may have brought some relief. But with mobile banking widely used today, stakeholders can never emphasize enough how vulnerable people are to fraudsters and why it’s important to stay on guard against the risk of financial crime.
A malicious cable, really?
Prinya Hom-anek, a cyber security expert and a member of the National Cyber Security Committee, was one of the first to doubt whether such a method was used. Media reports ran the racy headline “robbed by charging cable.”
“It’s impossible. When I first saw it on the news, I thought the media had crossed the line,” he said.
In many cases, mainly on Android phones, people can unknowingly install malicious apps that allow scammers to take control of their phones, according to Prinya.
“They are tricked by text messages, ads or phone calls. Whatever it is, they are tricked into installing malware that allows scammers to access their phones.
“Don’t be scared by the charging cable. People should look for suspicious malware, apps or links. Don’t be quick to point fingers. Check your phones first,” he said.
If suspicious apps are found, remove them and do a factory reset, the best measure to get rid of malware, he said.
More than 10,000 people are victims of scammers with financial damages estimated at 50 million baht per day, it said, citing information from the Cyber Crime Investigation Bureau.
Prinya also said that financial institutions and law enforcement should make a formal pact to strengthen the security of the system and promote financial and technological education among consumers.
Supachai Natong, a 43-year-old electronics vendor, said he is more concerned about malware and devious tactics scammers use to lure victims into their trap.
“These criminals are always coming up with something to get our money. I think all phone users should be vigilant and think twice before installing any app,” he said.
Pattraporn Tungpat, a 26-year-old phone technician, said her first thought when she heard about the fraud was malware.
“Stolen for a charging cable… I really doubted it. You plug it in and suddenly it drains your account… that’s unlikely. The phone is infected with malware and gets hacked. That makes more sense,” he said.
She said her customers were not alarmed by the charging cable report and knew that sooner rather than later, the incident would be forgotten, like the “exploding keyboard.”
He was referring to the accidental firing of a gun in a computer room at a Nonthaburi school that killed a student in September last year. Several news outlets were quick to headline their reports “exploding keyboard.”
“Be aware of bank announcements and alerts. Beware of risks and threats. They exist,” he said.
Several phone and peripheral device vendors and technicians have been bombarded with questions from customers who fear they are getting more than they originally bargained for.
Bundit Wongcha, a 39-year-old telephone technician, said that although police and the Bank of Thailand have clarified that the fraud was not caused by a charging cable, his customers seem concerned when they come in for repairs and replacements. He also said that many companies could have suffered if the authorities had been slow to respond to the claim.
Watchareena Sornprasarn, 31, a phone salesperson, said phone buyers, especially those who opt for cheap Android devices, seem to have more questions about security when shopping for new phones.
She said the new phones come with charging cables from the manufacturers so customers don’t have to worry about faulty or tampered parts. However, those who choose cheap Android phones will have to put up with the pop-up ads that some third-party apps throw up, she added.
Pornprapa Pannarai, 29, another vendor, said it’s business as usual, though customers ask about charging cables. They also want to know how to tell the difference between standards and substandards. He urged state agencies to introduce more measures to tackle data theft and financial fraud. “I think protecting personal information is the most important thing.”
Chattiwong Somnonnan, a 33-year-old salesman, said his sales were not affected by the hacked charging cable, but customers are now more interested in features and security updates. “I’m looking forward to how the police will deal with these scammers. How can they tackle cybercrime and catch these people?” he said.
According to Pol Lt Gen Worawat Watnakornbancha, Commissioner of the Cyber Crime Investigation Bureau (CCIB), the man’s phone had a scam app called “Sweet Meet” installed on it.
National police deputy chief Torsak Sukwimol said people should not click any links or download unauthorized apps to prevent their phones from being infected with malware.
He said it’s technically possible for people to use a charging cable to hack phones. But the tampered device can only get basic information or GPS data and it is not widely available and only used by security experts.
Most importantly, he said, people should avoid downloading apps from external sources suggested by some live streaming programs. Smartphone users should download and install apps directly from the Google Play Store or App Store, he added.
The Bank of Thailand and the Thai Bankers Association (TBA), which investigated the fraud, confirmed that they tricked the man into installing a fake malware app.
The malware allowed scammers to control the phone and transfer money from the user’s bank account when the owner was not using the phone.
Scammers have come up with a number of tricks—texting, call centers, fake loan applications—and luring people into installing apps with embedded malware is the latest. They said that financial institutions need to develop tools and measures and cooperate with the agencies involved to respond effectively to the increase in cybercrime.
The Ministry of the Digital Economy and Society (DES) has urged mobile phone users to check whether they have installed some 200 malicious applications that can allow hackers to steal personal data or take control of their mobile phones.
DES Minister Chaiwut Thanakamanusorn said the National Cyber Security Agency found all 200 malware items and DES posted the list on its Facebook page (https://www.facebook.com/prmdes.official). He urged mobile phone users to remove malware applications and keep their mobile phones up to date with security patches.