Caixin
Oct 14, 2020 06:40 PM
BUSINESS & TECH

Storing Life on a Mobile Phone Can Be Hazardous to Your Identity, Viral Post Shows

Old Camel claimed that even though they had been involved in network security testing for many years, they still failed to protect the information and data stored on the phone.
Old Camel claimed that even though they had been involved in network security testing for many years, they still failed to protect the information and data stored on the phone.

Hundreds of millions of Chinese smartphone users store their lives and identities on their phones ­– from essentials like banking, payment and local government social security apps, to food delivery and healthcare apps, social contacts, and everything else in between. That makes them fertile ground for criminal gangs who steal the devices to gain access to a trove of data that can be used to assume a user’s identity and commit fraud, potentially exposing victims to huge financial losses.

A viral social media post by an internet security engineer, detailing the nightmare their family went through after a relative’s Huawei mobile phone was stolen, underscores growing concerns not only about identity theft but also the loopholes in mobile phone security and the lax procedures at many technology companies that allow criminals to commit fraud. It has also fuelled a debate about how much responsibility companies should take in cases of fraud.

The engineer, who goes by the name Old Camel on social media platform WeChat, originally wrote about their experience in a post in September, but it went viral over the weekend ahead of this week’s review of a draft law on personal information protection by the Standing Committee of the National People’s Congress (NPC), the country’s legislature. Views of posts with the hashtag for the story on Weibo, China’s Twitter-like platform, had reached more than 80 million as of Wednesday evening.

One comment on Weibo lamented the lack of security, writing: “The more advanced the technology the greater the chance for information to leak.” Another hashtag follower wrote: “Losing a mobile phone these days is horrendous, much scarier than losing an ID card in the old days.”

China already has legislation, regulations and rules that cover the use and protection of personal information –– including the Cybersecurity Law, which was promulgated in June 2017, and the Civil Code, which takes effect in January 2021 –– but there is no specific law covering personal data protection. As a result, the NPC decided last year to put legislation on personal information protection on its agenda.

Lawmakers on the NPC Standing Committee are carrying out their first review of the draft law this week and one of main provisions of the legislation is to define the responsibilities of individuals and organizations when it comes to personal data security.

 Read more 
Editorial: Data Protection Law Should Put Citizens Ahead of Business

“Although China has intensified efforts to protect personal information in recent years, problems where personal information was improperly collected, abused, misused or illegally purchased to undermine the safety of people’s lives and property are still prominent,” Zang Tiewei, spokesman for the Legislative Affairs Commission of the NPC Standing Committee told (link in Chinese) a briefing on Monday. “In this internet information era, personal information protection has become one of the issues that people care most about as well as a problem that directly affects their interests.”

Old Camel recounted how their relative immediately contacted their network provider to deactivate the telephone number. The phone’s screen security lock was cracked, giving the thieves access to all the information stored on the device, the engineer wrote. The relative also froze the Alipay and WeChat accounts on the phone after discovering the logins no longer worked. The author immediately took a series of defensive measures, including freezing other accounts or changing their associated mobile phone numbers.

But the engineer claimed that a criminal group managed to reactivate the number by calling Sichuan Telecom, the local mobile network operator, and then created new accounts on multiple financial platforms, including Alipay, WeChat Pay, Suning Finance and UnionPay. The gang was also granted online loans from several platforms and used the money to top up virtual cards and transfer the money out of the accounts. The engineer told Caixin they only lost 7,600 yuan ($1,130) in total, and all of it was reimbursed by the platforms.

Old Camel claimed that even though they had been involved in network security testing for many years, they still failed to protect the information and data stored on the phone. The engineer complained that the security of smartphone apps and platforms is inadequate, allowing criminals to exploit their vulnerabilities.

The inappropriate reactivation procedure of Sichuan Telecom, which is run by state-owned China Telecommunications Corp. (China Telecom), was the main reason why the gang was able to receive a text message verification that allowed them to continue their crime spree, Old Camel wrote in the original WeChat post. China Telecom didn’t respond to Caixin’s request for comment, although a source close to the company said that the procedure for reactivating phone numbers through a phone call had been designed with customer convenience in mind. In a new post on Tuesday, the engineer wrote that Sichuan Telecom has now adjusted its reactivation procedure.

Contact reporter Timmy Shen (hongmingshen@caixin.com) and editor Nerys Avery (nerysavery@caixin.com)

Download our app to receive breaking news alerts and read the news on the go.

You've accessed an article available only to subscribers
VIEW OPTIONS
Share this article
Open WeChat and scan the QR code