News Forum - Android users urged not to charge phones in public in case they get hacked


Thaiger

The Central Investigation Bureau (CIB) is advising the public to exercise caution when charging their smartphones in public after a Thai man’s Android phone was hacked at the weekend. The CIB believe hackers have found a way of altering charging cables to steal personal information from phone users. Wisanusan Sam-pok revealed in a Facebook post …

The story Android users urged not to charge phones in public in case they get hacked as seen on Thaiger News.


It is not about the charger. It is all about the charger cable. Do not use a communication cable to charge phones. Just use a charger cable or the charger cable adaptor, which prevents communication flow and only allows energy for charging.

  • Like 2

1 hour ago, Ramanathan.P said:

It is not about the charger. It is all about the charger cable. Do not use a communication cable to charge phones. Just use a charger cable or the charger cable adaptor, which prevents communication flow and only allows energy for charging.

Right, and that is not really new news. It was already around in the media in the West some years ago, around the time airports, restaurants, trains and buses started to offer USB plugs for charging.

  • Like 1

Besides using your own charge-only cable, another measure is to switch off the phone while it's charging.

But the most universal measure is to "think before you tap". In my experience, any communication requires some kind of user confirmation, so if communication is established it's because the user confirmed it.

For example, whenever I connect my Android via USB to a computer, it asks if it's in order to charge or to transfer data. For ADB commands (disabled by default) from an unknown device, I need to confirm its fingerprint. I've never tried to plug in an external keyboard (which would be an excellent way to gain control over a phone, i.e. by the malicious device pretending to be a keyboard) or display, but I would be extremely surprised & disappointed if Android would be so stupid as to consider something like that to be a trusted device by default.


  • Like 3

38 minutes ago, Chatogaster said:

Besides using your own charge-only cable, another measure is to switch off the phone while it's charging.

But the most universal measure is to "think before you tap". In my experience, any communication requires some kind of user confirmation, so if communication is established it's because the user confirmed it.

For example, whenever I connect my Android via USB to a computer, it asks if it's in order to charge or to transfer data. For ADB commands (disabled by default) from an unknown device, I need to confirm its fingerprint. I've never tried to plug in an external keyboard (which would be an excellent way to gain control over a phone, i.e. by the malicious device pretending to be a keyboard) or display, but I would be extremely surprised & disappointed if Android would be so stupid as to consider something like that to be a trusted device by default.

Well, normally in Thailand they are very good at creating stories and trying to link all the dots in one straight line by erasing those dots that fall out of the straight line to back up their theory. Unfortunately they fail to understand it is their one brain against the universe.


  • Like 1

2 hours ago, Ramanathan.P said:

Well, normally in Thailand they are very good at creating stories and trying to link all the dots in one straight line by erasing those dots that fall out of the straight line to back up their theory. Unfortunately they fail to understand it is their one brain against the universe.


Nicely put. 

Yesterday I met someone who believed that the mere act of clicking on an SMS could cause their bank account to be drained. It didn't happen to them, but that's the (part of the) story they remembered and they were unaware of the missing dots in the full story, e.g. the encouraged downloads and/or subsequent requests (often urgent, sometimes even demands) for information like full name, birth date, national ID, bank account number, etc.

However, I wouldn't go as far as to assume that Thai minds are (much) more susceptible than other nationalities. It seems that scams continue to work everywhere and in all layers of society.

 

  • Like 1

11 minutes ago, Pinetree said:

And yet people still buy second-hand phones in markets and on Lazada; it is highly risky.

A factory reset is all it takes to make that risk-free.

The one (theoretical) exception would be if they (those markets/resellers) physically replaced a chip, but that requires knowledge/expertise and would make the 2nd hand phones more expensive than the originals, at least initially - so it'd necessitate a long-term investment. That's not something scammers aim for; it's all about easy money (for now).

  • Like 1

5 hours ago, Chatogaster said:

Besides using your own charge-only cable, another measure is to switch off the phone while it's charging.

But the most universal measure is to "think before you tap". In my experience, any communication requires some kind of user confirmation, so if communication is established it's because the user confirmed it.

For example, whenever I connect my Android via USB to a computer, it asks if it's in order to charge or to transfer data. For ADB commands (disabled by default) from an unknown device, I need to confirm its fingerprint. I've never tried to plug in an external keyboard (which would be an excellent way to gain control over a phone, i.e. by the malicious device pretending to be a keyboard) or display, but I would be extremely surprised & disappointed if Android would be so stupid as to consider something like that to be a trusted device by default.

I agree entirely about "think before you tap". This is the message I see every time my Android phone is connected to another device using a cable:

[Screenshot of the message; image not included]


8 hours ago, Thaiger said:

The Central Investigation Bureau (CIB) is advising the public to exercise caution when charging their smartphones in public after a Thai man’s Android phone was hacked at the weekend. The CIB believe hackers have found a way of altering charging cables to steal personal information from phone users.

If users aren't prepared to check what's happening on their phones, then you probably can't help them.


Like many an "I got hacked" story, this one doesn't add up.

If the guy only used this phone for gaming then how did this hack access his bank accounts? The banking apps would need to be installed for one and the SIM would need to be registered with the bank accounts to receive the OTPs.

This 'victim' knows they have some culpability but has instead tried to claim it's the fault of an ingenious hack. No doubt, in some vain hope that he will be compensated by his bank. The only news here is a government agency believing the story and issuing advice based on it.

  • Like 1

3 hours ago, FarangandEarnest said:

Like many an "I got hacked" story, this one doesn't add up.

If the guy only used this phone for gaming then how did this hack access his bank accounts? The banking apps would need to be installed for one and the SIM would need to be registered with the bank accounts to receive the OTPs.

This 'victim' knows they have some culpability but has instead tried to claim it's the fault of an ingenious hack. No doubt, in some vain hope that he will be compensated by his bank. The only news here is a government agency believing the story and issuing advice based on it.

Thanks for pointing that out. I missed it completely, I wasn't paying attention:

On 1/17/2023 at 11:53 AM, Thaiger said:

He added he has two phones, an Android and iPhone. He mainly uses the iPhone for calls, messages, banking etc., and only uses his Android phone to play games.

Theoretical hacking of his Android phone wouldn't have caused any loss.
Assuming the report is 100% correct, have the police missed this detail too?
