Safaricom outlines thin-SIM attack risks
Safaricom outlines thin-SIM attack risks
Denial of service, exposing PIN details, intercepting Unstructured Supplementary Service Data (USSD) messages, making calls without permission and altering configuration settings.
These are the ‘man-in-the-middle attack’ risks that ultra-thin SIMs pose to handset users, according to Kenya’s biggest mobile phone company Safaricom quoting a GSMA submission to the Communications Authority of Kenya (CA).
On Monday, the CA tentatively gave Equity Bank the go-ahead to use thin SIMs for one year after Safaricom launched a complaint about security concerns surrounding the technology.
The 0.1mm thin SIM cards, which are made by Taiwanese headquartered firm Taisys, can be stuck onto existing SIM cards to give handset users access to more than one network.
The bank plans rolling out the technology after it won a mobile virtual network operator (MVNO) licence in April this year. Equity also intends launching a mobile money service to compete against Safaricom’s dominant M-Pesa offering, which has over 19 million users.
“Whereas Safaricom does not necessarily agree with some critical aspects that led to the determination of CA’s decision, we will give our full cooperation to the CA as is required,” Safaricom said in a statement released on 22 September.
“In the interim, Safaricom will review some of the legal commitments to its customers and business partners with the view of addressing the legal exposures that could be created by the use of the SIM overlay technology, particularly in relation to mobile banking,” the company added in its statement.
Despite submissions regarding potential thin-SIM risks, the CA on Monday said that “there is no sufficient evidence to block in the Kenyan market the entry of the thin SIM.”
“Save for the inherent vulnerabilities of all SIM cards, there are no specific and confirmed vulnerabilities arising from use of thin SIM,” said the CA on Twitter.
The CA went on to say that tests conducted on the thin SIM technology illustrated that it complies with necessary standards.
Meanwhile, testing revealed no major complaints regarding the interception of traffic on the primary SIM cards when ultra-thin SIM cards are used, the CA noted.