Plugging that SIM vulnerability

The Philippines on Monday joined most countries that have required the registration of all postpaid and prepaid smartphone SIM or subscriber identity module cards. This came about as President Ferdinand Marcos Jr. signed into law the SIM Card Registration Act after a similar proposal was vetoed during the incumbency of former president Rodrigo Duterte.

The new law would require mobile phone users to register their prepaid SIM cards within 180 days of the measure’s effectivity. An extension of 120 days may be sought by any subscriber who could not register within the 180-day period, but it would require a valid written request from him or her approved by the Department of Information and Communications Technology.

Primarily intended to address the proliferation of text scams in the country, the new law mandates the registration to be made with the respective telecommunication providers of subscribers. Nothing new here as telcos have been for the longest time serving as the repository of the personal data of their postpaid subscribers for billing purposes.

A valid government ID would be asked from users registering their SIM. The data of existing postpaid subscribers and those of prepaid users to be registered will be collated in a SIM Register. This SIM Register, unless it is secured from hackers and other malevolent digital players, can prove to be a treasure trove of personal data for mining by scammers.

Unless iron-clad safeguards are put in place by the government and the telcos, the measure could prove to be as weightier a problem as the one it is seeking to remedy. A lot would certainly depend on the implementing rules and regulations to be crafted and on the agencies that would be tasked to implement the new law.

However, ultimately, the responsibility to protect ourselves from scammers, hackers, and all those who live in the underbelly of the digital world would fall on no other than us. Much has been done already to protect data residing on computers and laptops and other data-storing devices, but the challenge at present is securing critical data on smartphones.

Text scams — as they are unsolicited electronic messages intended to steal identities, online accounts, and, of course, money — should be easy to avoid since they come from unknown entities or those pretending to be people we know. Rudimentary checks on the impostors can expose them and texts from unknown sources are simply to be junked without opening them.

The SIM Card Registration Act would address one point of dissemination of smartphone scams — texts from other mobile phones, but it could not possibly cover other vulnerabilities being exploited by scammers in gaining entry into smartphones, including through the use of text blast machines and the Internet, through websites that engage in phishing to steal critical personal data.

The passage of the law should not lay to rest the need to identify the points of entry presently being used by scammers to con people. It’s not enough for the telcos to claim that the attacks are emanating from abroad. The bigger issue is at what point the data of smartphone users has been compromised. There must be full accountability and identification just so the theft of data may be averted moving forward.

Leave a Reply

Your email address will not be published. Required fields are marked *