Expert: Guard Absher password and mobile

DAMMAM: A security expert has warned against disclosing password for one's Absher account or being lax in protecting the security of personal mobile.

He said the electronic system of the Ministry of Interior, which aims to provide e-services for citizens and residents in the Kingdom in a safe and accurate manner, can’t be easily hacked unless access is gained to the mobile phone of the account holder.
Digital evidence expert Abdulrazzaq Al-Murjan said failing to protect the mobile phone and access to the secret number needed for double authentication were the reasons behind the escape of the three Daesh sisters to Lebanon last week, before Saudi security authorities reached them.
He said Absher, through which the General Passport Directorate offers e-services in a safe and accurate manner around the clock, has two protection levels, which are the password and verification code.
He added the system offers a lot of services such as issuing residency visas, issuing exist and re-entry visas, and offering travel permit services for women and minors. One of the system’s main goals is to curb forging and counterfeiting.
He said that the three sisters' break-in into Absher was the subject of public debate on the social media. According to the Ministry of Interior, their travel procedures outside the Kingdom were regular, since they were able to get access to Absher data related to their guardian and issue e-travel permits for themselves and their children.
Al-Murjan said getting access to the password was not enough to get access to the account of the guardian. It was necessary to get the secret verification code which is delivered to the mobile phone linked to the account, in this case their guardian’s phone.
Al-Murjan said that there are many theories about how the guardian's account was hacked. It could be that one of them betrayed the guardian’s trust, either because he is ignorant about technology or because he trusted one of them. He might have sought the help of one of the sisters to create his password, and they might have exploited the chance to link their phone numbers to his account. They might have stolen the number to get access to the system and took the phone to get the verification code and issue the travel permit.
He said that getting access to the guardian’s account is an electronic crime, stressing that the hacking came from the guardian’s side, either because of his ignorance or weak protection or trust. This is an inside job and all the more difficult to stop.
He cited the case of a Saudi teacher, who is the mother to three children and divorced. She fled from Makkah to Jeddah and traveled to Turkey to join Daesh, but security authorities couldn’t stop her because they weren’t notified about her escape until after she left the country.
He said it is important to educate society about these risks and activate departure messages to the guardian, especially since the travel permit includes children under 21 years of age, which is the target group of terrorist organizations.