I think with the ample time and resources at Safaricom disposal before this issue was ruled in Equity favor, from business perspective they would have demonstrated a POC rather than requesting for GSMA which is made up of people who can be compromised to give their word. That way many potential customers would have believed Safcom and shy away. On Tue, Jul 21, 2015 at 3:23 PM, Stephen Munguti <kamitu.sm@gmail.com> wrote:
@fredrick,
GSM is intentionally flawed in the core to allow for LI (lawful interceptions). The thin sim from my movie knowledge is used to avoid LI and still intercept information assuming that the person in question has connections in the provider network that would inform him that his phone has been LIed
On Tue, Jul 21, 2015 at 3:17 PM, fredrick Wahome <frewah85@gmail.com> wrote:
Hehe..based on the fact that the paradigm is shifting from internet of things to internet of everything the cyber threat is basically on everything that we consume as digital consumers. With most of embedded systems having hard-coded backdoors which developers know of but "pray" no one knows, its clear that very soon we might give in to the risks. The I.P and GSM being flawed on the core but we continue using them.
On Tue, Jul 21, 2015 at 3:07 PM, Stephen Munguti <kamitu.sm@gmail.com> wrote:
@Fredrick,
The US intelligence is able to tap mobile phones in this manner, or so I heard. I am thinking that's were the technology first appeared. This may be as a result of watching too many movies
On Tue, Jul 21, 2015 at 3:00 PM, fredrick Wahome <frewah85@gmail.com> wrote:
As a potential end user I would be skeptical to move to equitel purely based on noises from media. As a technical user I would wait for a proof of concept of the said risk...
On Tue, Jul 21, 2015 at 2:20 PM, Mwendwa Kivuva via Security < security@lists.my.co.ke> wrote:
@mwendwa,
Its possible for the owner of the network of the thin sim to be privy to information that only the host network sim should be having. It all comes back to someone internal at Equitel having the proper technical skills and motivation to use the same
Stephen, Then we have a major problem right there. I would not like Safaricom to disown any responsibility on their part when my security is compromised because I used thin sim. Therefore any security conscious users would not dare jeopardize their transactions by using thin sim. The question then is, how many of us care about their transaction security?
> > On Tue, Jul 21, 2015 at 1:52 PM, Mwendwa Kivuva via skunkworks < skunkworks@lists.my.co.ke> wrote: >> >> Then the trending issue of the day. Equitel. Safaricom had taken Equity to court and sounded a big warning on the use of thin sim. http://www.businessdailyafrica.com/Corporate-News/Safaricom-sounds-warning-t... >> >> London-based GSMA, the global association of telecoms operators using the GSM technology, wrote to the Kenyan authorities warning of the risks that use of the slim SIM cards pose to the integrity of the mobile telecommunications platforms.The GSMA said the overlay SIM (which is embedded between a normal SIM card and the device) has the potential of harvesting and revealing sensitive data passing the system. >> >> Of course we all know Safaricom failed miserably in stopping Equity from progressing with its plans. >> >> Now the thin sim is here, and Equitel has said it will encrypt all data to and from the thin sim. Can experts in this area assure us that the use of thin sims will not affect the integrity of M-Pesa transactions? >> >> Regards >> >> >> _______________________________________________ >> skunkworks mailing list >> skunkworks@lists.my.co.ke >> ------------ >> List info, subscribe/unsubscribe >> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks >> ------------ >> >> Skunkworks Rules >> http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 >> ------------ >> Other services @ http://my.co.ke > > > > > -- > > Best Regards, > Stephen Munguti. > > +254720425104
--
Best Regards, Stephen Munguti.
+254720425104
_______________________________________________ Security mailing list Security@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/security
--
*-------------------------------------* *Kind Regards**;*
*Fredrick Wahome Ndung'uTeam LeaderSecunets Technologies LtdWebsite: www.secunets.com <http://www.secunets.com>Cell: +254725264890 <%2B254725264890>Email: fred@secunets.com <fred@secunets.com>**Facebook: secunetstech* *Twitter: @secunets*
*Skype: secunets.technologiesExperts in: *Domain Registration, Web Hosting, Open Source Solutions, Information Security & Training, Digital Forensic Investigations, Web 2.0 Applications & I.C.T Consultancy.
*"Secure Business Technology"*
------------------------------------------------------------------------------------------------------------------------------------------------ *SECUNETS TECHNOLOGIES DISCLAIMER:*
This email message and any file(s) transmitted with it is intended solely for the individual or entity to whom it is addressed and may contain confidential and/or legally privileged information which confidentiality and/or privilege is not lost or waived by reason of mistaken transmission. If you have received this message by error you are not authorized to view disseminate distribute or copy the message without the written consent of Secunets Technologies and are requested to contact the sender by telephone or e-mail and destroy the original. Although Secunets Technologies takes all reasonable precautions to ensure that this message and any file transmitted with it is virus free, Secunets Technologies accepts no liability for any damage that may be caused by any virus transmitted by this email.
--
Best Regards, Stephen Munguti.
+254720425104
--
*-------------------------------------* *Kind Regards**;*
*Fredrick Wahome Ndung'uTeam LeaderSecunets Technologies LtdWebsite: www.secunets.com <http://www.secunets.com>Cell: +254725264890 <%2B254725264890>Email: fred@secunets.com <fred@secunets.com>**Facebook: secunetstech* *Twitter: @secunets*
*Skype: secunets.technologiesExperts in: *Domain Registration, Web Hosting, Open Source Solutions, Information Security & Training, Digital Forensic Investigations, Web 2.0 Applications & I.C.T Consultancy.
*"Secure Business Technology"*
------------------------------------------------------------------------------------------------------------------------------------------------ *SECUNETS TECHNOLOGIES DISCLAIMER:*
This email message and any file(s) transmitted with it is intended solely for the individual or entity to whom it is addressed and may contain confidential and/or legally privileged information which confidentiality and/or privilege is not lost or waived by reason of mistaken transmission. If you have received this message by error you are not authorized to view disseminate distribute or copy the message without the written consent of Secunets Technologies and are requested to contact the sender by telephone or e-mail and destroy the original. Although Secunets Technologies takes all reasonable precautions to ensure that this message and any file transmitted with it is virus free, Secunets Technologies accepts no liability for any damage that may be caused by any virus transmitted by this email.
--
Best Regards, Stephen Munguti.
+254720425104
-- *-------------------------------------* *Kind Regards**;* *Fredrick Wahome Ndung'uTeam LeaderSecunets Technologies LtdWebsite: www.secunets.com <http://www.secunets.com>Cell: +254725264890Email: fred@secunets.com <fred@secunets.com>**Facebook: secunetstech* *Twitter: @secunets* *Skype: secunets.technologiesExperts in: *Domain Registration, Web Hosting, Open Source Solutions, Information Security & Training, Digital Forensic Investigations, Web 2.0 Applications & I.C.T Consultancy. *"Secure Business Technology"* ------------------------------------------------------------------------------------------------------------------------------------------------ *SECUNETS TECHNOLOGIES DISCLAIMER:* This email message and any file(s) transmitted with it is intended solely for the individual or entity to whom it is addressed and may contain confidential and/or legally privileged information which confidentiality and/or privilege is not lost or waived by reason of mistaken transmission. If you have received this message by error you are not authorized to view disseminate distribute or copy the message without the written consent of Secunets Technologies and are requested to contact the sender by telephone or e-mail and destroy the original. Although Secunets Technologies takes all reasonable precautions to ensure that this message and any file transmitted with it is virus free, Secunets Technologies accepts no liability for any damage that may be caused by any virus transmitted by this email.