NEW DELHI: The government is set to launch a mass replacement of old SIM cards, after a joint inquiry by the National Cyber Security Coordinator (NCSC) and the Ministry of Home Affairs found alarming evidence that some SIM cards in use could have chipsets made in China, raising serious national security issues.
The probe was initiated in the wake of increasing concern over the integrity of India’s telecom network.
During the investigation, officials found that certain vendors providing SIM cards to major telecom operators, like Reliance Jio, Airtel, and Vodafone Idea (Vi), had abused the trusted source certification system.
While they had initially presented themselves as procuring chipsets from reliable nations like Taiwan or Vietnam, it was subsequently found that part of these components had indeed been imported from China.
This revelation prompted a high-level meeting between representatives of NCSC, the Department of Telecommunications, and senior officials from the nation’s largest telecom companies.
During that meeting, there were serious concerns expressed about the vulnerabilities in the current supply chain, and deliberations started on how best to tackle the problem.
One of the main proposals under consideration is the phased replacement of SIM cards that could potentially be compromised.
The incident assumes even greater importance against the backdrop of India’s recent efforts to protect its
communication and digital networks.
Over the last few years, the government has placed restrictions on Chinese telecom majors such as Huawei and ZTE, and has made mandatory security testing and certification for all telecommunication equipment utilised in the country.
These efforts are aimed at ensuring that there is no foreign-made hardware threatening national security.
The use of Chinese chipsets in SIM cards, however, fell between the cracks. It seems that some vendors took advantage of regulatory loopholes by faking the origin of their chipsets.
Whereas the assumption was that only those components from validated and trusted sources would be permitted, the probe discovered that this faith was broken in several instances. This has triggered new concerns regarding how deeply tainted hardware could have permeated Indian telecom networks.
What complicates the matter is that such potentially compromised SIM cards might not be restricted to a certain period.
While a 2021 update to the Unified Access Service License was intended to prevent telecom operators from purchasing equipment from untrusted suppliers, the probe indicates that some suppliers still managed to evade the rules.
That implies SIM cards manufactured both before and after 2021 might be at risk.
The government is now considering its next move. Officials are currently gauging the extent of the problem and making plans for a national SIM card swap programme.
If implemented, this scheme could affect millions of mobile phone subscribers, particularly those who are still holding on to SIMs that were handed out years ago.
As India ramps up its digital security clampdown, this step could be another important step towards strengthening the country’s telecommunications infrastructure against external interference.
After reviewing it, the government will release detailed guidelines.