People using electronic SIM (eSIM) cards while traveling abroad risk having their personal data monitored by China, a Taiwanese technology specialist wrote on social media on Sunday.
The use of eSIMs has become increasingly popular among international travelers, as they can access the Internet immediately upon arrival by simply scanning a QR code, without needing to replace physical SIM cards.
Data plans offered in certain countries can be up to five times cheaper than the international roaming services offered by Taiwanese telecom operators.
Photo: Taipei Times
However, cacaFly CEO Nathan Chiu (邱繼弘) wrote on social media that most people underestimate cybersecurity risks when using eSIMs.
Chiu cited a study undertaken by Northeastern University researchers in the US during the USENIX Security Symposium in August last year titled “eSIMplicity or eSIMplication?” in which the research team purchased 25 different eSIM cards widely used by international travelers and tested where the network packets were transmitted in their data services.
Almost all of the eSIM cards in the study showed IP addresses that were not in the same locations as the users, he said.
People using Holafly, an Ireland-based eSIM card operator, would see an IP address on their mobile phones belonging to Hong Kong-based China Mobile International Ltd, he said.
The study found that after an eSIM profile was installed, it might automatically use the SIM application toolkit to secretly establish connections to servers in Singapore and receive text messages from Hong Kong numbers, all without the user’s knowledge, Chiu said.
Packets containing metadata, such as international mobile subscriber identity, international mobile equipment identity, location trajectory, traffic behavior and domain name system queries, were routed through the core network of China Mobile before reaching their final destinations, he said.
Although China Mobile International is registered in Hong Kong, it is obligated to follow China’s Cybersecurity Law and National Intelligence Law, which require all Chinese telecoms to cooperate with national intelligence agencies, Chiu said.
One possible concern for consumers is that they could be denied access to ChatGPT, Claude or Gemini if they try to enter them through IP addresses based in China, Hong Kong and Macau, Chiu said.
“You could be in Japan, Thailand or Europe, but OpenAI, Anthropic and Google would still see you as Hong Kong users because the packets are routed through there,” he said.
All eSIM card operators based in China, Hong Kong and Macau are aware of this problem, as they inform users that they need to manually change the access point name to eSIM Next and switch the IP address to Singapore if they want to access ChatGPT or other US-based AI apps using their eSIM cards, Chiu said.
Customers might assume they cannot access ChatGPT because the app’s servers or the Wi-Fi in the hotel were down or their mobile phones malfunctioned, he said.
“Rather than banning the use of China-based eSIM cards, the question we should be asking is why Taiwanese were reluctant to buy eSIM cards sold by Chunghwa Telecom, Taiwan Mobile and Far Eastone Telecommunications, given that they have signed agreements on Internet protocol and roaming exchanges with nearly all telecom operators around the world,” Chiu said.
Chiu said the situation was caused by the National Communications Commission’s regulatory framework for eSIM cards, which is identical to that for physical SIM cards to prevent telecom fraud.
People who want to buy eSIM cards from Taiwanese telecoms must do so in person and pay a NT$300 fee.
They are also prohibited from switching the cards to other users online and must file a new application when using a new mobile phone, Chiu said.
All international roaming services must also be bundled with mobile phone numbers, he added.
To avoid the hassle, most consumers simply choose eSIM cards sold in other countries offering cheap data-only services not tied to a phone number, he said.
The NCC responded that all three major telecom operators already offer prepaid data-only services for overseas travel and that activation fees might be waived under certain conditions.
However, under the Fraud Crime Hazard Prevention Act (詐欺犯罪危害防制條例), users must still complete Know Your Customer procedures before the services can be provided.
It said it would consult law enforcement authorities and the three major telecom operators to examine the legality and feasibility of simplifying procedures.
NATIONAL SECURITY: Authorities are working to confirm the identities of the military personnel involved and investigating possible illegal conduct and regulatory violations Authorities are probing possible national security implications after Kinmen police and immigration officers on Sunday found a Chinese woman allegedly posing as a tourist while engaging in prostitution involving more than 10 military personnel. The woman, surnamed Chen (陳), has since been deported, authorities said, adding that investigators are still working to confirm the identities of those implicated, as the records only listed code names and aliases. The case stemmed from a report received by the Kinmen District Prosecutors’ Office on Friday last week from the Jinhu Precinct of the Kinmen County Police Bureau. On Sunday, police, along with the National Immigration
GLOBALGIVING: ‘ Caving to external pressure is not acceptable for an organization that has cultivated justice reform and human rights for 30 years,’ one NGO said A slew of non-government organizations (NGOs) have withdrawn from the GlobalGiving fundraising platform after it announced it would use “Chinese Taipei” instead of “Taiwan” from next month. The Taiwan Good Rice Association wrote on Facebook on Friday that it was informed on April 28 via a teleconference call of the change, which was made because the platform wanted to operate in China. Taiwan Good Rice is to terminate all cooperative relationships with GlobalGiving in response to the platform’s “unilateral and non-negotiable” decision to remove references to Taiwan, the NGO said. “Taiwan is in the official name of Taiwan Good Rice Association and the
STAY COOL: The HPA recommended that people stay hydrated, use air-conditioning or fans while indoors, wear loose-fitting clothes and walk in the shade while outdoors Employers must implement measures such as installing cooling equipment, and providing drinking water and rest breaks for outdoor workers starting from Monday next week, the Taipei Department of Labor said on Sunday. Employers who fail to comply could face fines of NT$30,000 to NT$300,000 under the Occupational Safety and Health Act (職業安全衛生法), the department said. Businesses in Taipei employing fewer than 100 workers, as well as registered self-employed workers with labor insurance coverage, could receive on-site assessments and guidance from occupational safety consultants to help them apply for central government subsidies to implement or improve heat-protection measures, it said. Under the Ministry of
Chinese Nationalist Party (KMT) Chairwoman Cheng Li-wun (鄭麗文) yesterday briefed her party’s Central Standing Committee regarding her scheduled visit to the US between Monday next week and June 16, saying that her purpose would be to persuade the US that the Republic of China (ROC) Constitution was a “one China” constitution that would foster stable and peaceful cross-strait relations. The ROC Constitution is the most important defense for all Taiwanese citizens, as it upholds our democracy and has contributed to our robust economy, which aligns with international and US interests, she said. “We would not be troublemakers and drag the US under,”
RSS