Chinese smartphones automatically send text messages to steal mobile phone subscription money

Fake phones have backdoors, secretly deducting money from accounts

Recently, TigerPuma, a member of the Hacking Tea Forum, shared an interesting discovery about fake phones originating from China. Accordingly, although each fake phone costs only a few million VND, users are secretly paying hundreds of thousands of VND in monthly installments without knowing it.

According to TigerPuma, this is because many of the fake phones have backdoors installed. A backdoor is usually a piece of code in software, or a piece of software in hardware that allows remote access for information, support, analysis, or other purposes. Backdoors are often not noted or notified to the user, so the user is unaware of its existence until the backdoor is discovered.

While testing a few fake iPhones, Tiger Puma accidentally discovered that they all had backdoors to call and use VAS services in China. These services can be built into the firmware on ROM in cheap smartphones.

VAS (Valua Added Service) are value-added services such as lottery results, football results, weather forecasts, etc. When texting or calling VAS value-added switchboards, users will be charged according to the fee set by the switchboard. With many numbers, just texting once will deduct money from the user's phone every month without them even knowing.

At the end of 2016, the public was outraged by the Sam Media incident. By organizing prize-winning game activities through phone numbers, between January 2013 and July 19, 2016, Sam Media attracted 93,735 customers to use its services, thereby earning a profit of up to VND 230.5 billion from subscribers of four networks: Viettel, Vinaphone, MobiFone and Vietnammobile.

Incidents like Sam Media’s often happen to gullible, uninformed users. With phones equipped with backdoors, they automatically call the Chinese VAS service number. Therefore, in this case, users are completely passive and silently deducted money without ever knowing about the service.

Many Chinese routers have backdoors installed

Recently, at the national exhibition on security (Security World) 2018, Mr. Ngo Quang Huy, Deputy Director of the Vietnam Computer Emergency Response Center (VNCERT) said that in 2017, VNCERT recorded a total of 136 million events on cyber security attacks.

One of the methods frequently used by cybercriminals is the form of attack scanning for cheap Chinese routers that have built-in backdoor security vulnerabilities.

Routers originating from China pose many serious security risks. VNCERT continuously detects hackers scanning to exploit vulnerabilities in these routers. According to Mr. Huy, if using devices that do not ensure quality, those vulnerabilities will immediately be exploited and attacked.

Backdoor vulnerabilities can help hackers access and attack illegally from within the organization. “Routers are the first gateways to an IT system, if they are attacked, the consequences will be very serious,” said the Deputy Director of VNCERT.

To overcome this, VNCERT recommends that organizations and businesses need to set up a monitoring system to detect early scanning by hackers. This helps to minimize losses to the system.

In addition, it is necessary to check the equipment carefully to ensure safety before putting it into use. For users, VNCERT also recommends to minimize the use of equipment with poor quality and unknown origin.