I think I’ve found a serious flaw with the MyJPJ apps.

Did u know, the apps allowing anybody to register as long as u have an ic number that registered to JPJ database. Yes. without any verification that u own the ic number.

The only thing preventing you from registering with someone else ic are the term and condition. This could lead to some people with bad intention to use someone else ic and register the apps to get information such as home address and picture of u.

And i could see in future that some people could not register their account as the account might be registered earlier by someone else.

i do realised, u are required to put your phone number. But u can put anybody phone number. Right?

I might be wrong. Need to verify with someone with IT security expert or anybody?




-----


This post has been edited by fadzly: Jun 21 2023, 12:50 PM

If u can register ur parents account using your phone number and email, means everyone can be your parents.

Old people are not tech savvy. Hence they are the one prone to complication like this.

This is what i scared will happen.

It somewhat similar to MySejahtera where u can register anybody like KJ to be your dependent. But good thing with MyS, they are not releasing private information.

Can do like shopee or tng camera verification

I got my parent registered within the same phone and email. Even after logged out my account, i can only see my license and not my parent. Havent tried delete the apps or clear cache yet. Another flaw.

KJ IC last time also leaked. People access to vaccine website and found the vaccine record is not there. Turn out the website no longer maintained. Very dangerous as could no longer change ur ic number.

Could some one tag Anthony loke about this?

I think they should come out with a verification to register.

Its like registering new account for facebook or gmail. Need to set up password email and phone number

Means anyone can reset password also?🥲

Its not about compulsory or what.

Someone can just create a script for register and run brutforce to get all information among those who havent register. Worst they could sell the data. Your home address there.

Or ah long try to locate you 10 years hutang, old ic got old info. U update the latest home address when renew. They register using ur ic, walla, they got your latest address.

They, JPJ got all the sop to verify user at their counter. Why didn’t practice the same online. Sigh.

Thanks wee ka siong.

What ive found is merely logic. Hence if they couldnt protect this simple thing means how bad our ict developers are.

Teruk nya. Sian.

proly u need to go JPJ.

im glad that they restricted the registration of the apps.

Noted. Thanks. Will put at front page