Chinese smartphones are automatically sending text messages to steal money from mobile subscribers.

Counterfeit phones have backdoors that secretly deduct money from your account.

Recently, TigerPuma, a member of the "Tea & Hacking" forum, shared an interesting discovery about counterfeit phones originating from China. According to him, although each counterfeit phone only costs a few million dong, users are unknowingly paying hundreds of thousands of dong in monthly installments on these fake phones.

According to TigerPuma, this is because many counterfeit phones are equipped with backdoors. Backdoors are typically a piece of code embedded in software, or software embedded in hardware, that allows remote access to retrieve information, provide support, analyze data, or for other purposes. Backdoors are often not noted or notified to the user, so users are unaware of their existence until they are discovered.

While inspecting several counterfeit iPhones, Tiger Puma inadvertently discovered that they all had built-in backdoors for calling and using VAS services in China. These services may be pre-installed in the firmware on the ROM of these inexpensive smartphones.

VAS (Valua Added Service) refers to value-added services such as lottery results notifications, football match results, weather forecasts, etc. When texting or calling VAS value-added service numbers, users are charged according to the rates set by the service provider. With many different numbers, a single text message can result in monthly charges without the user's knowledge.

In late 2016, public opinion in Vietnam was outraged by the Sam Media case. By organizing prize-winning games through a phone number, from January 2013 to July 19, 2016, Sam Media attracted 93,735 customers, thereby profiting 230.5 billion VND from subscribers of four mobile network operators: Viettel, Vinaphone, MobiFone, and Vietnammobile.

Incidents like the one involving Sam Media often happen to gullible and uninformed users. With phones equipped with backdoors, these devices automatically call Chinese VAS (Virtual Service Numbers). Therefore, in this case, users are completely unprepared and are silently charged money without ever knowing about the service.

Many Chinese routers have backdoors installed.

Recently, at the 2018 National Security World Exhibition, Mr. Ngo Quang Huy, Deputy Director of the Vietnam Computer Emergency Response Center (VNCERT), stated that in 2017, VNCERT recorded a total of 136 million cyberattack events.

One of the methods frequently used by cybercriminals is to scan cheap Chinese routers for backdoor security vulnerabilities.

Routers originating from China pose numerous serious security risks. VNCERT has continuously detected hackers scanning for vulnerabilities in these routers. According to Mr. Huy, if substandard equipment is used, these vulnerabilities will be immediately exploited and used in attacks.

A backdoor vulnerability can allow hackers to gain unauthorized access and launch attacks from within an organization. "Router devices are the first gateways to an IT system; if they are attacked, the consequences can be enormous," shared the Deputy Director of VNCERT.

To address this, VNCERT recommends that organizations and businesses establish monitoring systems to detect hacker attacks early. This will help minimize losses to the system.

In addition, equipment needs to be thoroughly inspected to ensure safety before being put into use. For users, VNCERT also advises minimizing the use of equipment of substandard quality and unknown origin.