Serious breach of cellphone users’ data

ISLAMABAD: The personal data of the subscribers of the telecom companies operating in Pakistan has once again been seriously compromised as various mobile applications and web portals are providing access to individual subscribers’ data on the internet.

Recently, a video of a mobile application named ‘Asan Bash’ went viral on social media claiming to provide access to the data of users through their mobile numbers. According to this video, anyone can have access to the CNIC numbers, family tree and other information of any individual by simply entering the mobile number on this application.

The access to data through this application is a massive breach of the personal data of telecom companies’ users. This indicates that the personal data of the telecom companies’ users are not secure. Telecom companies in order to sell their SIMs obtain the CNIC of a subscriber and add it to their server for the verification process.

Without a CNIC no user can obtain a SIM, but the latest breach of security has raised questions about the capacity of telecom companies to ensure data safety.

Apart from the ‘Asan Bash’ mobile application, the telecom companies’ data is already available on the internet for free and anyone can access the mobile numbers and CNIC of any user. A web portal ‘simdatabaseonline’ provides access to mobile users’ data and the CNIC linked to the mobile numbers. By entering the mobile number of any telecom company, one can find the CNIC number linked with this mobile number. In addition to it, the web portal also provides the address of the user entered into the telecom companies’ database.

The cyber security experts while talking to The News termed it as a very risky development. “When you download the said mobile application, you allow it to access all your mobile data including your email, pictures, bank accounts and the contacts saved in your mobile. By agreeing with the terms and conditions of such apps you have legally allowed them to have access to all your data. Many users have compromised their mobile data by using such applications. Therefore, it is advised not to use these third parties applications,” commented a cyber security expert.

According to these experts, the iPhone never allows such applications, and iPhone users cannot install such Apps. Only android cell phones allow these third parties applications and most of the time the users of these apps compromise their data by installing these applications on their phones, commented the experts.

It is important to note here that such a data breach has been linked to the National Database Registration Authority (NADRA) database. However, a spokesman of Nadra said that they have nothing to do with the data-searching App. He said that the data of Nadra is in the Urdu language, not in English, while the fake companies provide the data in English. He said that Nadra has lodged complaints with the Federal Investigation Agency (FIA) Crimes and Cyber Wings to investigate the issue. Their complaint with FIA is not about a data breach but about using Nadra’s name as it is impossible to breach Nadra’s database. Meanwhile, a source in a telecom company told this correspondent that individual data is collected through the telecom companies while selling mobile sims. He said that numerous gangs are involved in this illegal business to sell the data to advertisement companies.