Chinese smartphones automatically send text messages to steal mobile phone subscription money
Many Chinese phones have backdoors built into their firmware. These devices automatically send text messages and call VAS service centers in China.
Fake phones have backdoors, secretly deducting money from accounts
Recently, TigerPuma, a member of the Hacking Tea Forum, shared an interesting discovery about fake phones originating from China. According to the post, although each fake phone costs only a few million VND, users are silently paying hundreds of thousands of VND in monthly installments without knowing it.
According to TigerPuma, this is because many of the fake phones are equipped with backdoors. A backdoor is typically a piece of code in software, or a piece of software in hardware, that allows remote access for information, support, analysis, or other purposes. Backdoors are often not noted or disclosed to the user, so the user is unaware of a backdoor's existence until it is discovered.
Counterfeit phones from China pose many security risks.
While testing a few fake iPhones, TigerPuma accidentally discovered that they all had backdoors to call and use VAS services in China. These services can be built into the firmware on the ROM of cheap smartphones.
VAS (Value Added Services) are value-added services such as lottery results, football results, weather forecasts, etc. When texting or calling VAS switchboards, users are charged according to the fee set by the switchboard. With many numbers, texting just once causes money to be deducted from the user's account every month without them even knowing.
The image shows the information when debugging the firmware of a fake iPhone6 (priced at 2 million VND). This device automatically calls the VAS service number of mw-chen.com (currently discontinued).
At the end of 2016, public opinion in the country was outraged by the Sam Media incident. By organizing prize-winning games through prefix numbers, between January 2013 and July 19, 2016, Sam Media attracted 93,735 customers to use its services, thereby earning a profit of up to VND 230.5 billion from subscribers of four networks: Viettel, Vinaphone, MobiFone and Vietnamobile.
Incidents like Sam Media’s often happen to gullible, uninformed users. Phones that have backdoors installed, however, automatically call the Chinese VAS service number. In this case, users are completely passive and silently have their money deducted without ever knowing about the service.
Many Chinese routers have backdoors installed
Recently, at the national exhibition on security (Security World) 2018, Mr. Ngo Quang Huy, Deputy Director of the Vietnam Computer Emergency Response Center (VNCERT), said that in 2017, VNCERT recorded a total of 136 million cyber security attack events.
One of the methods frequently used by cyber criminals is scanning for cheap Chinese routers that have built-in backdoor security vulnerabilities.
Routers originating from China pose many serious security risks. VNCERT continuously detects hackers scanning for vulnerabilities in these routers. According to Mr. Huy, if an organization uses devices of unassured quality, those vulnerabilities will immediately be exploited and attacked.
According to Mr. Ngo Quang Huy, Deputy Director of the Vietnam Computer Emergency Response Center (VNCERT), cyber criminals often scan for cheap Chinese routers that have built-in backdoor security holes. Photo: Trong Dat
Backdoor vulnerabilities can help hackers gain unauthorized access and attack from within the organization. “Routers are the first gateways to an IT system; if they are attacked, the consequences will be very serious,” the Deputy Director of VNCERT shared.
To address this, VNCERT recommends that organizations and businesses set up a monitoring system to detect hackers' scanning early. This helps to minimize losses to the system.
In addition, it is necessary to check equipment carefully to ensure safety before putting it into use. For users, VNCERT also recommends minimizing the use of equipment of uncertain quality and unknown origin.
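As an illustration of the monitoring recommended above, the following added example (not from VNCERT or the original article) flags source addresses that probe many distinct router management endpoints within a short window. The log format, the port list, the thresholds and the sample lines are all assumptions constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: ports commonly exposed by router management services
# (SSH, Telnet, HTTP(S) admin, TR-069). Adjust to your own devices.
MGMT_PORTS = {22, 23, 80, 443, 7547, 8080}
# Constructed, simplified firewall log format: "<ISO time> DROP SRC= DST= DPT="
LINE_RE = re.compile(
    r"^(?P<ts>\S+) DROP SRC=(?P<src>\S+) DST=(?P<dst>\S+) DPT=(?P<dpt>\d+)$")

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
2018-03-01T10:00:01 DROP SRC=203.0.113.7 DST=192.0.2.1 DPT=23
2018-03-01T10:00:03 DROP SRC=203.0.113.7 DST=192.0.2.2 DPT=23
2018-03-01T10:00:05 DROP SRC=203.0.113.7 DST=192.0.2.3 DPT=7547
2018-03-01T10:00:08 DROP SRC=203.0.113.7 DST=192.0.2.4 DPT=23
2018-03-01T10:00:09 DROP SRC=203.0.113.7 DST=192.0.2.5 DPT=8080
2018-03-01T10:00:10 DROP SRC=198.51.100.20 DST=192.0.2.1 DPT=443
2018-03-01T10:00:40 DROP SRC=198.51.100.20 DST=192.0.2.1 DPT=443
2018-03-01T10:05:00 DROP SRC=198.51.100.99 DST=192.0.2.1 DPT=22
2018-03-01T10:15:00 DROP SRC=198.51.100.99 DST=192.0.2.2 DPT=22
""".splitlines()

def detect_scanners(lines, window=timedelta(seconds=60), min_targets=5):
    """Return {src: max distinct (dst, port) targets probed within `window`}
    for sources that reach `min_targets` on management ports."""
    events = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or int(m["dpt"]) not in MGMT_PORTS:
            continue  # skip unparsable lines and non-management traffic
        ts = datetime.fromisoformat(m["ts"])
        events[m["src"]].append((ts, (m["dst"], int(m["dpt"]))))
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        start, best = 0, 0
        for end in range(len(evs)):  # sliding time window over sorted events
            while evs[end][0] - evs[start][0] > window:
                start += 1
            best = max(best, len({t for _, t in evs[start:end + 1]}))
        if best >= min_targets:
            flagged[src] = best
    return flagged

if __name__ == "__main__":
    print(detect_scanners(SAMPLE_LOG))
```

A source that repeatedly contacts a single endpoint, or that touches a few endpoints spread over many minutes, stays below the threshold; only the burst across five distinct targets is reported.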