Selangor Journal
Putrajaya district police chief ACP Mohd Fadzil Ali showing the MySejahtera mobile application as part of the compliance with the standard operating procedures (SOPs) under the movement control order (MCO) at Precinct 15 and 18, Putrajaya, on January 17, 2021. — Picture by BERNAMA

MySejahtera security level improved — MOH

PUTRAJAYA, Oct 20 — The security level of MySejahtera’s application and website has been improved following complaints regarding the issue of OTP (One Time Password) messages and spam emails, said the Ministry of Health (MOH).

MOH in a statement today said a preliminary investigation conducted by the National Cyber Security Agency (NACSA) found that the fake emails and SMS sent from the MySejahtera application were not due to a database leak, but rather to misuse of the Application Programming Interface (API).

According to the MOH, on the MySejahtera website, there is a MySejahtera Check-In Registration function for businesses, premises, public transport and others to obtain and display the MySejahtera QR Code where applicants, among others, need to enter information such as email or phone number to obtain an OTP to complete the application.

The MOH said the initial investigation found that the MySejahtera Check-in QR Code Registration application function had been misused by irresponsible parties, by using random email addresses or telephone numbers to perform the registration process.

“If the phone number or email address entered at random exists, MySejahtera will send an OTP to the owner of the phone number or email address to confirm the registration,” said MOH.

In addition, MOH said the “Need Help?” function on the same site has also been misused to send random spam emails.

“Following this irresponsible action, the MySejahtera team has further increased the security level of the MySejahtera application and website to prevent the same incident from recurring,” it said.

The issue of MySejahtera application security was first raised yesterday after a handful of users received OTP messages via their respective emails.

A popular website (Lowyat.net) also featured a post titled “MySejahtera Not So Sejahtera, Full of Exploits”, which said that the MySejahtera application can be used to send OTP messages to anyone’s phone number.

MySejahtera’s application and website are currently under the joint management of the MOH and the National Security Council (NSC).

— Bernama
