IMDA investigates StarHub’s Giga for e-SIM security lapse

    • For one customer, the lack of verification had resulted in hackers taking control of the phone line and gaining access to information. PHOTO: ST FILE
    Published Fri, Dec 6, 2024 · 06:51 PM

    Telco StarHub is being investigated by the sector’s regulator for failing to verify the identity of users requesting to port their Giga e-SIMs to another phone.

    The Straits Times understands that for one customer, the lack of verification had resulted in hackers taking control of the phone line and gaining access to information including banking SMS OTPs.

    Giga is the no-frills sub-brand of StarHub.

    When contacted about this case, sector regulator the Infocomm Media Development Authority of Singapore told ST: “StarHub failed to fully implement these measures for the re-issuance of eSIM to customers through its app. IMDA is investigating.”

    The IMDA spokeswoman added: “For (the) issuance or re-issuance of SIM cards, mobile operators must have robust registration procedures in place for both SIM and eSIM.”

    Telcos are required to verify users’ identity – by using SingPass or sighting identification cards such as NRIC or work passes – when issuing physical SIM cards or e-SIMs, said the IMDA spokeswoman. The same verification applies when an e-SIM is ported to another device.


    Experts said that without such verification, an e-SIM can be easily hijacked once a hacker gets hold of a victim’s personal details, either via phishing or from leaked corporate databases.

    An e-SIM is an alternative to a physical SIM card: the telco downloads the subscriber profile over the air onto a chip built into the device, so nothing has to be inserted. e-SIMs are gaining popularity because they are convenient. When switching plans or telcos, users need not obtain a physical SIM card from a telco store or by courier.

    In Jan 2023, an impersonator managed to take over a Circles.Life customer’s mobile line after speaking to a service agent on Circles.Life’s live chat service. Soon after, the scammer took over the victim’s WhatsApp account and multiple e-wallets.

    When contacted, a Giga spokesman said: “Our customers’ security and privacy are top priorities for us, and we are committed to safeguarding them. Giga actively engages IMDA and is working closely with IMDA on this matter.”

    “An eSIM works the same as a normal physical SIM card, but with the convenience for users to switch to new mobile plans or to a new operator without having to visit a store or change out the SIM card,” said the IMDA spokeswoman.

    “For telco apps like Giga, it is industry best practice for mobile operators to put in place two factor authentication (2FA) when subscribers access their accounts via these channels. StarHub has since implemented 2FA on the Giga app,” she added.
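The control the regulator describes in the two paragraphs above, re-issuing an eSIM only after the subscriber’s identity has been freshly verified rather than on the strength of an app login alone, is sketched below as an added illustration. It is not code from StarHub, Giga or IMDA; the hypothetical backend, the session fields, the five-minute step-up window, the hypothetical subscriber and device identifiers and the activation-code string are all assumptions made for the example. The weak path shows the failure mode the article reports (any logged-in session can move the line); the hardened path requires a proof that is recent, single-use and bound to the exact device the line is being moved to, and notifies the old device so a victim can react.

```python
# Added example for this article, not code from StarHub, Giga or IMDA.
# All names, the step-up window and the activation-code string are assumptions.
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Optional

STEP_UP_WINDOW = 5 * 60                      # assumed: a SingPass/2FA proof is valid for 5 minutes
SERVER_SECRET = b"assumed-server-secret"     # constructed; a real system would use a managed key


@dataclass
class Session:
    subscriber_id: str
    password_ok: bool                            # the ordinary app login
    strong_auth_at: Optional[float] = None       # when SingPass/2FA last succeeded
    strong_auth_purpose: Optional[str] = None    # what that proof was issued for


@dataclass
class Telco:
    """Hypothetical backend: which device (EID) each line is bound to, plus notifications sent."""
    line_device: dict = field(default_factory=dict)   # subscriber_id -> EID
    notifications: list = field(default_factory=list)

    def issue_profile(self, subscriber_id: str, new_eid: str) -> str:
        old_eid = self.line_device.get(subscriber_id)
        self.line_device[subscriber_id] = new_eid
        if old_eid and old_eid != new_eid:
            # The device that held the line must learn it moved, so a victim can raise the alarm.
            self.notifications.append((old_eid, f"line {subscriber_id} moved to {new_eid}"))
        # Constructed activation-code shape: LPA:1$<SM-DP+ host>$<matching id>.
        seed = f"{subscriber_id}:{new_eid}:{secrets.token_hex(8)}".encode()
        matching_id = hmac.new(SERVER_SECRET, seed, hashlib.sha256).hexdigest()[:16].upper()
        return f"LPA:1$smdp.example${matching_id}"


class ReissueDenied(Exception):
    pass


def reissue_weak(telco: Telco, session: Session, new_eid: str) -> str:
    """The lapse described in the article: a logged-in app session is enough to move the line."""
    if not session.password_ok:
        raise ReissueDenied("login required")
    return telco.issue_profile(session.subscriber_id, new_eid)


def step_up_purpose(new_eid: str) -> str:
    """The proof is tied to this specific transfer, not to 'the account' in general."""
    return f"esim-reissue:{new_eid}"


def record_strong_auth(session: Session, purpose: str, now: float) -> None:
    """Called when the SingPass/2FA callback confirms the subscriber's identity."""
    session.strong_auth_at = now
    session.strong_auth_purpose = purpose


def reissue_hardened(telco: Telco, session: Session, new_eid: str, now: Optional[float] = None) -> str:
    """Re-issue only with a fresh, single-use identity proof bound to this exact device."""
    now = time.time() if now is None else now
    if not session.password_ok:
        raise ReissueDenied("login required")
    if session.strong_auth_at is None:
        raise ReissueDenied("identity verification required before re-issuing an eSIM")
    if now - session.strong_auth_at > STEP_UP_WINDOW:
        raise ReissueDenied("identity verification has expired; verify again")
    # A proof obtained for some other action (or phished for another device) cannot be replayed here.
    if not hmac.compare_digest(session.strong_auth_purpose or "", step_up_purpose(new_eid)):
        raise ReissueDenied("identity verification was not issued for this device")
    session.strong_auth_at = None            # single use
    session.strong_auth_purpose = None
    return telco.issue_profile(session.subscriber_id, new_eid)


def demo() -> dict:
    """Walk both paths with constructed sessions: an attacker who only knows the password, and the owner."""
    results = {}
    attacker = Session("sub-1", password_ok=True)

    weak = Telco(line_device={"sub-1": "EID-VICTIM"})
    results["weak"] = reissue_weak(weak, attacker, "EID-ATTACKER").startswith("LPA:1$")

    hard = Telco(line_device={"sub-1": "EID-VICTIM"})
    for label, sess, eid, now in [
        ("no_proof", attacker, "EID-ATTACKER", 1000.0),
        ("expired", Session("sub-1", True, strong_auth_at=0.0,
                            strong_auth_purpose=step_up_purpose("EID-NEW")), "EID-NEW", 1000.0),
        ("wrong_device", Session("sub-1", True, strong_auth_at=1000.0,
                                 strong_auth_purpose=step_up_purpose("EID-OTHER")), "EID-NEW", 1100.0),
    ]:
        try:
            reissue_hardened(hard, sess, eid, now=now)
            results[label] = "allowed"
        except ReissueDenied as exc:
            results[label] = str(exc)

    owner = Session("sub-1", password_ok=True)
    record_strong_auth(owner, step_up_purpose("EID-NEW"), now=1000.0)
    results["with_proof"] = reissue_hardened(hard, owner, "EID-NEW", now=1100.0).startswith("LPA:1$")
    results["notified_old_device"] = hard.notifications[-1][0]
    results["line_now_on"] = hard.line_device["sub-1"]
    return results
```

The binding of the proof to the target device is the detail a practitioner would insist on: a generic second factor that merely unlocks the account can be phished and then spent on any action, whereas a proof minted for `esim-reissue:<EID>` is useless for anything else.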

    “Consumers should also play their part in securing their online accounts and personal information, by adopting good cyber hygiene practices, such as not using the same password across different accounts.” THE STRAITS TIMES

    Copyright SPH Media. All rights reserved.