#FactCheck: Fake viral AI video captures a real-time bridge failure incident in Bihar

Executive Summary:

A viral clip where the Indian batsman Virat Kohli is shown endorsing an online casino and declaring a Rs 50,000 jackpot in three days as a guarantee has been proved a fake. In the clip that is accompanied by manipulated captions, Kohli is said to have admitted to being involved in the launch of an online casino during the interview with Graham Bensinger but this is not true. Nevertheless, an investigation showed that the original interview, which was published on YouTube in the last quarter of 2023 by Bensinger, did not have the mentioned words spoken by Kohli. Besides, another AI deepfake analysis tool called Deepware labelled the viral video as a deepfake.

‍

Claims:

The viral video states that cricket star Virat Kohli gets involved in the promotion of an online casino and ensures that the users of the site can make a profit of Rs 50,000 within three days. Conversely, the CyberPeace Research Team has just revealed that the video is a deepfake and not the original and there is no credible evidence suggesting Kohli's participation in such endorsements. A lot of the users are sharing the videos with the wrong info title over different Social Media platforms.

        Post link

Post link

Fact Check:

As soon as we were informed about the news, we made use of Keyword Search to see any news report that could be considered credible about Virat Kohli promoting any Casino app and we found nothing. Therefore, we also used Reverse Image Search for Virat Kohli wearing a Black T-shirt as seen in the video to find out more about the subject. We landed on a YouTube Video by Graham Bensinger, an American Journalist. The clip of the viral video was taken from this original video.

‍

Video link

In this video, he discussed his childhood, his diet, his cricket training, his marriage, etc. but did not mention anything regarding a newly launched Casino app by the cricketer.

Through close scrutiny of the viral video we have noticed some inconsistencies in the lip-sync and voice. Subsequently, we executed Deepfake Detection in Deepware tool and identified it to be Deepfake Detected.

‍

‍

Finally, we affirm that the Viral Video Is Deepfakes Video and the statement made is False.

Conclusion:

The video has gone viral and claims that cricketer Virat Kohli is the one endorsing an online casino and assuring you that in three days time you will be a guaranteed winner of Rs 50,000. This is all a fake story. This incident demonstrates the necessity of checking facts and a source before believing any information, as well as remaining sceptical about deepfakes and AI (artificial intelligence), which is a new technology used nowadays for spreading misinformation.

‍

Introduction

India's National Commission for Protection of Child Rights (NCPCR) is set to approach the Ministry of Electronics and Information Technology (MeitY) to recommend mandating a KYC-based system for verifying children's age under the Digital Personal Data Protection (DPDP) Act. The decision to approach or send recommendations to MeitY was taken by NCPCR in a closed-door meeting held on August 13 with social media entities. In the meeting, NCPCR emphasised proposing a KYC-based age verification mechanism. In this background, Section 9 of the Digital Personal Data Protection Act, 2023 defines a child as someone below the age of 18, and Section 9 mandates that such children have to be verified and parental consent will be required before processing their personal data.

Requirement of Verifiable Consent Under Section 9 of DPDP Act

Regarding the processing of children's personal data, Section 9 of the DPDP Act, 2023, provides that for children below 18 years of age, consent from parents/legal guardians is required. The Data Fiduciary shall, before processing any personal data of a child or a person with a disability who has a lawful guardian, obtain verifiable consent from the parent or lawful guardian. Additionally, behavioural monitoring or targeted advertising directed at children is prohibited. 

Ongoing debate on Method to obtain Verifiable Consent

Section 9 of the DPDP Act gives parents or lawful guardians more control over their children's data and privacy, and it empowers them to make decisions about how to manage their children's online activities/permissions. However, obtaining such verifiable consent from the parent or legal guardian presents a quandary. It was expected that the upcoming 'DPDP rules,' which have yet to be notified by the Central Government, would shed light on the procedure of obtaining such verifiable consent from a parent or lawful guardian.

However, In the meeting held on 18th July 2024, between MeitY and social media companies to discuss the upcoming Digital Personal Data Protection Rules (DPDP Rules), MeitY stated that it may not intend to prescribe a ‘specific mechanism’ for Data Fiduciaries to verify parental consent for minors using digital services. MeitY instead emphasised obligations put forth on the data fiduciary under section 8(4) of the DPDP Act to implement “appropriate technical and organisational measures” to ensure effective observance of the provisions contained under this act. 

In a recent update, MeitY held a review meeting on DPDP rules, where they focused on a method for determining children's ages. It was reported that the ministry is making a few more revisions before releasing the guidelines for public input.

CyberPeace Policy Outlook

CyberPeace in its policy recommendations paper published last month, (available here) also advised obtaining verifiable parental consent through methods such as Government Issued ID, integration of parental consent at ‘entry points’ like app stores,  obtaining consent through consent forms, or drawing attention from foreign laws such as California Privacy Law, COPPA, and developing child-friendly SIMs for enhanced child privacy.

CyberPeace in its policy paper also emphasised that when deciding the method to obtain verifiable consent, the respective platforms need to be aligned with the fact that verifiable age verification must be done without compromising user privacy. Balancing user privacy is a question of both technological capabilities and ethical considerations. 

DPDP Act is a brand new framework for protecting digital personal data and also puts forth certain obligations on Data Fiduciaries and provides certain rights to Data Principal. With upcoming ‘DPDP Rules’ which are expected to be notified soon, will define the detailed procedure for the implementation of the provisions of the Act. MeitY is refining the DPDP rules before they come out for public consultation. The approach of NCPCR is aimed at ensuring child safety in this digital era. We hope that MeitY comes up with a sound mechanism for obtaining verifiable consent from parents/lawful guardians after taking due consideration to recommendations put forth by various stakeholders, expert organisations and concerned authorities such as NCPCR. 

References

1. https://www.moneycontrol.com/technology/dpdp-rules-ncpcr-to-recommend-meity-to-bring-in-kyc-based-age-verification-for-children-article-12801563.html
2. https://pune.news/government/ncpcr-pushes-for-kyc-based-age-verification-in-digital-data-protection-a-new-era-for-child-safety-215989/#:~:text=During%20this%20meeting%2C%20NCPCR%20issued,consent%20before%20processing%20their%20data
3. https://www.hindustantimes.com/india-news/ncpcr-likely-to-seek-clause-for-parents-consent-under-data-protection-rules-101724180521788.html
4. https://www.drishtiias.com/daily-updates/daily-news-analysis/dpdp-act-2023-and-the-isssue-of-parental-consent

‍

Introduction

In the hyper-connected era, something as mundane as charging your phone can become a gateway to cyberattacks. A recent experience of Assam Chief Minister Himanta Biswa Sarma has reignited fears of an emerging digital menace called juice jacking. Sarma, who was taking an Emirates flight from Delhi to Dubai, used an international charger and cable provided by another passenger on board. As he afterwards reported on X (formerly Twitter), the passenger got off while he slept and so could not return the borrowed items. Though most people admired the CM's humility and openness, cybersecurity experts and citizens were quick to point out a possible red flag, that it could be a juice-jacking attempt. Whether by design or not, the scene calls out to the concealed risks of using unfamiliar charging equipment, particularly for those who hold sensitive roles.

What Is Juice Jacking?

Juice jacking takes advantage of the multi-purpose nature of USB connectors, which can carry both electrical energy and information. Attackers hack USB ports or cables to either:

• Insert harmful payloads (malware, spyware, ransomware) during power transfer, or
• Create unauthorised data pathways for silent information exfiltration.

Types of Juice Jacking Attacks

1. Data Theft (Exfiltration Attack): The USB cable or port is rigged to silently extract files, media, contacts, keystrokes, or login information from the attached phone.
2. Malware Injection (Payload Attack): The USB device is set to impersonate a Human Interface Device (HID), such as a keyboard. It sends pre-defined commands (shell scripts, command-line inputs) to the host, loading backdoors or spying tools.
3. Firmware Tampering: In more sophisticated cases, attackers implement persistent malware at the bootloader or firmware level, bypassing antivirus protection and living through factory resets.
4. Remote Command-and-Control Installation: Certain strains of malware initiate backdoors to enable remote access to the device over the internet upon reconnection to a live network.

Why the Assam CM’s Incident Raised Flags 

Whereas CM Sarma's experience was one of thanks, the digital repercussions of this scenario are immense:

• High-value targets like government officials, diplomats, and corporate executives tend to have sensitive information.
• A hacked cable can be used as a spy tool, sending information or providing remote access.
• With the USB On-The-Go (OTG) feature in contemporary Android and iOS devices, an attacker can run autorun scripts and deploy payloads at device connect/disconnect.
• If device encryption is poor or security settings are incorrectly configured, attackers may gain access to location, communication history, and app credentials.

Technical Juice Jacking Indicators

The following are indications that a device could have been attacked:

• Unsolicited request for USB file access or data syncing on attaching.
• Faster battery consumption (from background activities).
• The device is acting strangely, launching apps or entering commands without user control.
• Installation of new apps without authorisation.
• Data consumption increases even if no browsing is ongoing.

‍

CyberPeace Tech-Policy Advisory: Preventing Juice Jacking

‍

1. Hardware-Level Mitigation
   
   1. Utilise USB Data Blockers: Commonly referred to as "USB condoms," such devices plug the data pins (D+ and D-), letting only power (Vcc and GND) pass through. This blocks all data communication over USB.
   2. Charge-Only Cables: Make use of cables that physically do not have data lines. These are specifically meant to provide power only.
   3. Carry a Power Bank: Use your own power source, if possible, for charging, particularly in airports, conferences, or flights.

2. Operating System(OS) Level Protections

1. iOS Devices:

‍

Enable USB Restricted Mode:

Keep USB accessories from being able to connect when your iPhone is locked.

Settings → Face ID & Passcode → USB Accessories → Off

‍

2. Android Devices:

Disable USB Debugging:

Debugging makes device access available for development, but it can be taken advantage of. If USB Debugging is turned on, and someone connects your phone to a computer, they might be able to access your data, install apps, or even control your phone, especially if your phone is unlocked. Hence, it should be kept off. 

Settings → Developer Options → USB Debugging → Off

‍

3. Set USB Default to 'Charge Only'

Settings → Connected Devices → USB Preferences → Default USB Configuration → Charge Only

‍

3) Behavioural Recommendations

• Never take chargers or USB cables from strangers.
• Don't use public USB charging points, particularly at airports or coffee shops.
• Turn full-disk encryption on on your device. It is supported by most Android and all iOS devices.
• Deploy endpoint security software that can identify rogue USB commands and report suspicious behaviour.
• Check cables or ports physically, many attack cables are indistinguishable from legitimate ones (e.g., O.MG cables).

Conclusion

"Juice jacking is no longer just a theoretical or obscure threat. In the age of highly mobile, USB-charged devices, physical-layer attacks are becoming increasingly common, and their targets are growing more strategic. The recent case involving the Assam Chief Minister was perhaps harmless, but it did serve to underscore a fundamental vulnerability in daily digital life. As mobile security becomes more relevant to individuals and organisations worldwide, knowing about hardware-based attacks like juice jacking is essential. Security never needs to be sacrificed for convenience, particularly when an entire digital identity might be at risk with just a single USB cable.

References

• https://www.indiatoday.in/trending-news/story/assam-chief-minister-himanta-biswa-sarma-x-post-on-emirates-passenger-sparks-juice-jacking-concerns-2706349-2025-04-09
• https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES02&VLCODE=CIAD-2016-0085
• https://www.fcc.gov/juice-jacking-tips-to-avoid-it
• https://www.cyberpeace.org/resources/blogs/juice-jacking
• https://support.apple.com/en-in/HT208857
• https://developer.android.com/studio/debug/dev-options

‍