Bank of Thailand blames dating app for phone hacking

The Bank of Thailand (BoT) denied a claim made on social media that a man lost money from his bank account after recharging his phone at a public outlet. BoT believes the theft occurred because the man was a victim of a malware attack.

Police also attributed the theft to malware, stating that the user had downloaded an unsafe dating app called “sweet meet.”

The central bank issued a statement yesterday regarding the potential for mobile phone users to lose money through modified charging cables, reported Bangkok Post.

Wisanusan Sam-pok revealed in a Facebook post on Sunday that 101,560 baht mysteriously disappeared from his bank account. Wisanusan said he did not use the phone other than to charge it in public.

A BoT-Thai Bankers’ Association conducted an investigation and found that malware had infiltrated the man’s phone and tricked him into installing an illegal application. This allowed a hacker to remotely access the phone and transfer money from the user’s bank account while the phone was not in use by the owner.

BoT issued a warning to mobile phone users to be cautious when opening unknown links, installing unverified apps, and using unsecured phones to make financial transactions. The bank also advised phone users to keep their mobile banking software fully updated in order to increase security.

Deputy national police chief Pol Gen Torsak Sukwimol said the phone owner had installed an unsafe dating app named “Sweet meet” and that was the cause of the money theft.

“It had nothing to do with a charging cable. There were charging cables that were modified to steal data, but they could not be used to steal money from mobile banking accounts. Such cables could access only basic information and GPS data and were technicians’ tools.

“People must take heed and download only applications available through Google Play or the App Store.”

ORIGINAL STORY

The Central Investigation Bureau (CIB) is advising the public to exercise caution when charging their smartphones in public after a Thai man’s Android phone was hacked at the weekend. The CIB believe hackers have found a way of altering charging cables to steal personal information from phone users.

Wisanusan Sam-pok revealed in a Facebook post on Sunday that 101,560 baht mysteriously disappeared from his bank account. Wisanusan said he did not use the phone other than to charge it in public.

He added he has two phones, an Android and iPhone. He mainly uses the iPhone for calls, messages, banking etc., and only uses his Android phone to play games.

Wisanusan said that he did not receive any scam calls, download any strange applications, or click on any suspicious website links, but the money still mysteriously disappeared from his bank account.

Widsanusawan got a notification from his bank about the transaction he did not make. On closer inspection of his phone, he noticed an unknown application on it, which he suspected to be the app the hacker used for data skimming.

Netizens commented on Widsanusawan’s post saying that the hacker might have used a charging port and cable to help with the data skimming.

CIB reported yesterday that hackers can use remote access points to control a skimming chip that is embedded in every type of charger port.

The chip can be used by hackers to skim personal information from smartphones, including passwords, financial data, and bank account numbers, or to infect them with malware.

The CIB warned people who need to charge their phones in public should be cautious when borrowing a stranger’s charger or connecting their charger to public charging ports.

Parinya Homanek, a member of the National Cybersecurity Committee, said that such hacking, mostly on Android phones, can happen after the victims visit malware-embedded commercial banners or downloaded applications outside official application stores.