TechMoran

Safaricom Remains Adamant on Thin SIM Vulnerabilities

Share this

IMG_0143Hours after the Communications Authority (CA) of Kenya’s tentatively approved the roll out of the SIM overlay technology, Safaricom, Kenya’s largest mobile network operator by revenue and subscribers announced it does not necessarily agree to the move even if it will cooperate.

In an announcement this afternoon, the firm said, “Safaricom will review some of its legal commitments to its customers and banking partners with the view of addressing the legal exposures that could be created by the use of the SIM overlay technology, particularly in relation to mobile banking activities.”

“We would want to assure our customers and partners that if  any adverse impact on the integrity of customer information is detected on account of the use of the overlay SIM technology, Safaricom will use all prudent and practical means to protect the confidentiality of its customers information and the sanctity of the financial transactions provided through its network,” the firm added.

Equity Bank, under its subsidiary Finserve Kenya Ltd aims to roll out is MNVO services using an overlay sim which has now been approved by the regulator but Safaricom mantains its stand on the technologies vulnerabilities.

According to a telcoms analyst speakig to TechMoran on condition of anonymity, the telco is using scare tactics to keep away its subscribers from using thin SIM’s thereby protecting its own business agenda.

“You do not scare away susbscribers and go against a regulation and issue contradicting statements in the name of user protection. The case we have here is a corporate citizen who wants to law to rule in their favour and who will do everything to frustrate a good move by the regulator to benefit all Kenyans,” he said. “Every firm should wait for the end of the pilot phase to identify vulnerabilities to lobby for or against sim overlay technology. Kenyans need a democracy of services.”

Earlier,  ICT Cabinet Secretary of the Republic of Kenya, Fredrick Matiang’i, speaking at the launch of Airtel Premier Club said the government will be intimidated by any player in the telcoms sector and will open up the sector for competition to the benefit of Kenyans. Several at the event echoed his speech to imply a move to break Safaricom’s monopoly in the mobile money and telcos sector.

Safaricom says it’s pleased that both the CA and CBK have appreciated the security concerns. The firm said,”We are particularly encouraged that CA has commenced the process of hiring an independent and reputable international firm to conduct a security audit on all SIM cards, and in particular the use of the SIM overlay technology in mobile money transfer services. We therefore implore the CA to fast track the security review and to publish the guidelines in the interests of protecting consumers and financial institutions who will remain vulnerable to the potential risks created by the ‘man-in-the-middle attack’. ”

According to Safaricom, qouting The GSMA, “The SIM Overlay has the potential to observe record and divulge mobile user PIN details (including Mobile Banking PINS). It has the potential to intercept, manipulate and/or destroy Unstructured Supplementary Service Data (USSD) communications. It has the potential to cause denial of service to existing SIM’s by intercepting, manipulating and/or destroying SIM toolkit instructions. It has the potential to carry out actions without the explicit permission or knowledge of the mobile user for example monitor calls and SMS. It has the potential of obtaining unauthorised access to the SIM card and change configuration settings and thus impacting the customer experience adversely.”

Safaricom is hopeful and says it’s further encouraged by the CA’s commitment that in the event that any of the above vulnerabilities are discovered during the one year testing period it will take steps to suspend the use of the SIM overlay in the Kenyan market pending the final recommendations from the security consultants. “Every player should be given chance to roll their services and after the trial phase, they all go back to the drawing board or ask for any compensation. Any firm fighting another would end up losing goodwill of the populace. In business, propaganda works to a certain extend but if a firm pushes further or moves to block competitors, the incoming competitor gets sympathy votes. It’s David and Goliath reincarnated,” our analyst concluded.

 

 

Share this
Exit mobile version