Can malicious charging cables steal your data? Let’s find out the truth…

Cyber scammers are still a prevalent threat in society. Unfortunately, despite many case studies and expert warnings, the number of victims is still increasing. Here we found another kind of scam that is worth watching out for.

On January 16th, 2023, many social media users expressed concern about the charging cable usage, as many victims reported that they were hacked and their money was stolen from their bank accounts.

Source Post | Archive

Post Translation: #UrgentWarning Many Android users were #hacked and transferred money out of their bank accounts automatically. The initial cause is charging cables.

The post was widely shared, and many people expressed their concerns in the comments.

Moreover, the Central Investigation Bureau (CIB) has shared the warning regarding this incident.

Archive

Post Translation: Warning! Incautious charging cable usage might get your data hacked.

Later, on January 19th, the National Bank of Thailand clarified this incident. However, after the investigation, The Bank denied that the charging cables were the cause of the lost money. Instead, the victims were tricked by a scammer into installing the malicious application, enabling the scammer to control the victims’ devices remotely.

Furthermore, Cyber Crime Investigation Bureau (CCIB) informed that after inspecting the victim’s phone, the Bureau found the unverified dating application named “Sweet Meet,” which is the cause of the loss as the app will install malicious software and control the devices remotely. The Bureau also confirmed that this has nothing to do with the charging phone, as in recent news.

Anyway, The National Bank also confirmed that there are malicious charging cables. Still, they cannot automatically transfer the money out of victims’ bank accounts.

Now, let’s get to know what exactly is the hacking charging cables.

What is the malicious cable, and what does it look like?

(Image: MOTHERBOARD, Vice)

According to Vice, this hacking cable looks like a typical Lightning cable. This cable was created by MG, a developer, and was named "OMG cable."

MG said, "It charges phones and transfers data like an Apple cable does, but it also contains a wireless hotspot that a hacker can connect to. Once they've done that, a hacker can run commands on the computer, potentially rummaging through a victim's files, for instance."

Apart from the Lightning cable lookalike, the cables also have new physical variations, including Lightning to USB-C, with more capabilities for hackers to play with. MG said that it can now trigger payloads at over a mile.

How can we know we are not using dangerous charging cables?

Fortunately, the OMG cable comes at an unusually high price (compared with the regular charging cables) at $120. And it is only available in limited lots and only in certain countries. Hence, the chance of running into this cable is not that high.

For your safety, we suggest using certified cables from trustworthy industries or providers and avoiding using unknown charging cables. This way, it also helps prevent dangerous voltage that might harm your phone and ignite the fire.

Our last words about this

Although the case of money hacked from the banking apps did not come from the charging cable, we should not overlook the dangers of malicious charging cables. Therefore, users should be careful when using unknown charging cables, including those provided in public places. And consider purchasing trustworthy and certified charging cables. Besides, to prevent data theft or banking app hacks, users should be wary of suspicious links and apps, don't click on unknown links, and not download apps from outside sources other than Play Store or App Store.