The security of mobile phone users in Pakistan was severely compromised once more recently. Because of this security breach, the personal information of telecom company subscribers is now accessible to the general public online through a variety of mobile applications and websites. These online portals have allowed subscribers to gain access to their own data that is stored on the internet.
This data breach in telecommunications came to the public’s attention after a video of an app called Asan Bash began circulating on social media under the pretense that it allowed access to users’ data by using their mobile phone numbers. Simply inputting an individual’s mobile number in the space given for that purpose within this application is all that is required to gain access to a person’s CNIC number, family tree, and other information about that person. This was made clear in the movie.
Data of Mobile Phone Users in Pakistan is Available Online for Free
The fact that one may access the personal information of another person by simply inputting their mobile number is a significant security breach, and it demonstrates that the data we provide to telecom providers is in no way secure. When issuing new SIM cards, telecom providers must first get a CNIC, and this information is subsequently uploaded to the server in order to complete the verification procedure.
It is not the first time that the security of consumers has been breached; in the past, the data of telecom firms were easily accessible on the internet for no cost, and anybody was able to obtain the CNIC and mobile numbers of customers.
A website known as “simdatabaseonline” allowed mobile subscribers unrestricted access to their data as well as the CNICs that were linked to their mobile phones. Through this page, users entered the mobile numbers of other telecom subscribers in order to gain access to their CNIC and the information that was related to it, much like they did with the app that was stated earlier.
Experts in cyber security expressed some grave worries while discussing the current security incident, including the following:
When you download the aforementioned mobile application, you grant permission for it to access all of the data stored on your mobile device, including the contacts you have saved, your email, your images, and your bank accounts. By accepting the terms and conditions of such apps and allowing them access to all of your data, you have given them legal permission to do so. By using these programs, many users have exposed themselves to risks to their mobile data. Therefore, it is strongly recommended that you should not utilize certain programs that were developed by third parties,”
In addition to that, there is a possibility that this data breach is connected to the National Database Registration Authority (NADRA) database. However, Nadra has refuted these charges, citing the fact that Nadra Data is written in Urdu rather than English, although the data of users that was compromised was written in English; despite this, an investigation will be launched into the matter. Additionally, Nadra disclosed that it has sent the matter to the Cyber and Crimes Wings of the Federal Investigation Agency (FIA) for further investigation into the matter.