Bonus $100
Promo Codes 2024
Users' Choice
90
89
88
85

ID thieves target Thai SIM registration scheme

04 May 2015
00:00
Read More

Thailand’s efforts to ensure all pre-paid SIMs are registered by the end of July have run into rocky waters.

Reports are flooding in of identity thieves setting up fake SIM registration desks to slurp up the ID cards and other personal details of mobile phone subscribers simply wishing to comply with the law - and in many cases, charging the victims for the privilege.

Unregistered SIMs will cease to function after July 31.

Thailand currently has 83 million pre-paid SIMs - 39.36 million AIS, 24.15 million Dtac and 19.8 million TrueMove H. As of April 28, only 30.5 million have been registered.

The National Broadcasting and Telecommunications Commission rolled out an Android application, roughly translated as 2-Snap hat would allow SIM card dealers to take a picture of a SIM card and a ID card in order to register the SIM card in just two snaps. However, the app’s security has proven to be sorely lacking from day one.

Many dealer passwords to the 2-snap app have been leaked and posted on webboards allowing people to download the app and register themselves. The app itself is freely downloadable on the Google Play store, though is geo-locked to Thailand phones.

The regulator has revised the system, getting rid of small dealers, locking the MAC address to each username and password and adding True’s sister company 7-11 convenience stores and Ministry of Interior regional offices as registration points.

In addition, a large number of TrueMove H and Dtac subscribers who have registered their SIMs through the NBTC’s 2-Snap application appear not to be registered.

The regulator has said it would review the registration information already submitted with compromised dealer usernames.

The NBTC has already paid $90,000 (3 million Baht) for the development of the 2-Snap registration application and these new security features will cost the regulator an additional $300,000 (10 million Baht).

TelecomAsia had reported back in August 2014 that the 2-Snap application had passwords to its servers in plain-text hard-coded into the software that was easily visible for anyone technically-inclined to see.

.

Related content

Rating: 5