The GSMA says in the letter dated
"The overlay SIM has the potential to facilitate a man-in-the-middle attack by observing, collecting and revealing sensitive data such as PINs, ciphering and integrity keys," the GSMA says in the advisory note to the
The GSMA says thin SIM is capable of bypassing any security technologies, such as cryptographic keys to record sensitive data and make it available to third parties.
The slim SIM can also facilitate unauthorised access to the primary SIM card, change of configuration settings and execution of actions without the explicit permission or knowledge of the mobile user, the GSMA says, adding that the technology can allow recording and divulging of mobile user PIN details without the phone user's knowledge.
The technical opinion risks further delaying Equity's use of the thin SIM to enter the lucrative mobile money market.
The GSMA says that the CA should use the services of an independent consultant to ascertain that any planned deployment of the thin SIM technology is free from the above risks before authorising its use.
"If the use of the overlay SIM is permitted, the GSMA recommends that only overlay SIM solutions that have been analysed and certified by an independent consultant, as being free from any functionality designed to undermine security levels for users of those SIMs should be deployed," the GSMA says.
The GSMA is among mobile telecoms authorities from whom the CA had sought expert opinion as it prepares to make a decision on
The industry regulator also sought the opinion of thin SIM card manufacturer Taisys, and has announced plans to conduct its own research before making the final decision.
Francis Wangusi, the CA director-general, did not respond to questions on the matter, insisting that doing so would be preemptive. He promised to issue a comprehensive statement later this week.
The battle for control of
Finseve has responded to
"It is inconceivable that such an entity would manufacture and distribute a product that is capable of exposing the country to the kind of risks mentioned by
Finserve further argues that the thin SIM technology is already in use in respectable markets such as the
The GSMA, however, argues that while Finserve and Taisys may take all the necessary security precautions there is still danger of a malicious third party accessing sensitive data using malware.
"A risk also exists that, even if the overlay SIM supplier and issuer behave responsibly, a malicious third party could potentially down load a 'Trojan' application to the overlay SIM to access sensitive data," the GSMA says.
The GSMA refused to respond to questions on the advisory opinion it offered the CA.
Chinese operators have used the thin SIM technology in the provision of mobile banking services while in the US 'KnowRoaming' -- a private service -- uses the thin SIM to automatically connect subscribers to local wireless networks whenever they travel.
"In our opinion, the responsibility of licensing mobile phone operators lies with the authority alone. A licensee like
The operator, which plans to enter the telecoms market under a a Mobile Virtual Network Operator (MVNO) licence it was awarded earlier this year, says the thin SIM it intends to use does not have the capacity to hack or crack the service and connections of the primary SIM or any meaningful encryption or security mechanisms by itself.
"It cannot remotely connect to outside source for additional resource without the user noticing (connecting can only be through mobile network, either SMS or data, which the user will notice through unrecogonised usage or traffic)," Finserve added.
Finserve says that Airtel Kenya, the telecoms operator on whose network it will ride, has tested the thin SIM and confirmed that it can neither interfere nor intercept communication between the mobile handset and the primary SIM.
Finserve was in April granted the MVNO licence alongside
Most Popular Stories
- Hollywood Eager to Grasp Hispanic Market
- IS Funded by Black Market Oil Sales, Racketeering
- Cloud Lifts Microsoft's Quarterly Results
- Frightfully Fun Films Return for Halloween
- Weekly Jobless Claims Rise but Remain Low
- Would Soccer Be Richer Without Small Clubs?
- Pfizer Approves $11 Billion Buyback Plan
- Stocks Continue Strong After Opening Surge
- Teresa Giudice Must Serve Time in Prison
- Jennifer Aniston, Justin Theroux Set the Date