KUALA LUMPUR: A cybersecurity expert has called upon the government to take steps in ensuring that the Road Transport Department (RTD) database is secured, following the move to digitise the department's services.
Universiti Sains Malaysia (USM) Professor Dr Selvakumar Manickam told the New Straits Times that the government should have conducted a thorough stress test of the MyJPJ application before launching it for public use.
He said the digitising of RTD's services is yet another major concern as an unsecured API could potentially leak data stored on its servers. Recent cases of data leaks should have served as a lesson for the government to improve its security, he said.
"The data might be pulled from various agencies, so now, the government must ensure that the servers are secured.
"With reverse engineering, the hackers can locate the source code, try to break the communication and steal the data.
"It is quite easy if one knows how the application communicates with the backend server," he said today.
He proposed that the government hire consultants to monitor the application and website where RTD enforcement personnel and policemen would be using to obtain the motorists' data.
With many opting to use the service, he said that the server could get congested and those maintaining the service would be sidetracked to fix the problem, rather than focus on protecting the server.
Thus a consultant would come in handy for the security breach issues.
"The problem is that we only react when a leak takes place, and when it does, (there is) no point. We also have to look at whether the application was built by RTD themselves or whether it was outsourced. If it is outsourced, how trusted is it?" he added
Beginning yesterday, private vehicle owners will no longer need to display their vehicle licence (commonly known as road tax) on the windscreen or carry a physical copy of their driving licence.
Transport Minister Anthony Loke said this was because the two would be made available in a digital version via the Road Transport Department (RTD) public portal (https://public.jpj.gov.my) or mobile application MyJPJ, which could be downloaded from the App Store, Play Store or Huawei App Gallery.
He said the move was part of the ministry's efforts to digitise services offered by the RTD.