It’s a small chip that connects a mobile or a tablet to the operator’s network. Many of the subscriber identification modules, popularly known as SIM cards, used by more than 900 million mobile users in the country, can be a major threat to national security as these might have been produced with malicious embedded software.
To ensure security, the Department of Telecommunications (DoT) has recommended that mobile service providers should manufacture the SIM cards in India with indigenously designed chips incorporating specific laid down standards.
The DoT has also recommended that the clause should also be included in the proposed Cyber Security Policy.
According to the DoT recommendations, the whole electronics eco-system for this and other purposes, starting from the wafer fabrication, needs to be built. The matter is, thus, viewed as key “policy objective and outcome”.
A majority of these SIM cards, which are 85.60mm in length, 53.98mm in width and 0.76mm thick, are currently imported under the open general licence (OGL) from different Asian countries, including China.
According to DoT estimates, more than 30 per cent SIM cards are imported at present.
There is a fear that the embedded software can turn the SIM cards into a mini computer that might lead to abuse and misuse of information.
As the SIM cards are manufactured outside India, telcom companies have to provide the encryption keys to the manufacturers for personalisation of the SIMs, as part of the standard trade practice. By using the encryption keys, SIM cards can be cloned which could put the nation’s security at risk. Using the encryption keys, the original users can easily be tracked and monitored, which could be used by foreign intelligence agencies or terrorist outfits, putting the nation’s security at risk.
To enhance protection and resilience of India’s critical information infrastructure, the DoT has proposed that a National Framework for critical Information Infrastructure Protection should be created as it has already been identified as one of the vital components of the proposed Cyber Security Policy.
According to industry insiders, Indian security agencies have earlier proposed that blank SIM cards can be allowed for import and the personalisation process should entirely be done indigenously.
Interestingly, using the cloning technology, a SIM card can be faked, which could lead to further misuse of the original user’s data. Technically, SIM cloning has become difficult now-a-days, as it requires physical approach to clone a SIM card today as opposed to simply being within radio reach even a few years ago.
SIM cards store cardholder’s customer data, security data, authentication encryption algorithm.
Earlier, the Ministry of Home Affairs raised alarm on the issue asking the DoT to ensure indigenous personalisation and production of SIM cards.
The DoT has also proposed imposition of tax on imports of SIM cards till complete indigenous production is ensured. However, mobile companies will have to seek security clearances for each procurement, it is stated.