UK spies hacked Gemalto for SIM encryption keys

23 Feb 2015
00:00

In the latest installment of the Snowden files, it has emerged that the UK’s Government Communication Headquarters cyber spy agency and its stateside counterpart, the National Security Agency have managed to steal encryption keys used in SIM cards from Gemalto used by billions of mobile phone users.

The Netherlands-registered company makes up to two billion SIM cards a year and claims over 450 telcos as its clients.

According to an article by Jeremy Scahill and Josh Begley in the Intercept entitled the Great SIM Heist, GCHQ hacked Gemalto employees’ email accounts and in many cases found that encryption keys were emailed to telcos with simple to break encryption or even with no encryption at all.

A SIM card encryption key would allow spy agencies to listen in on conversations or data streams without the need for a court order and without leaving any trace of the interception in the network logs.

Most telcos have outsourced this tedious task of personalising SIM cards to companies such as Gemalto, which then gives the telcos the SIM cards and the corresponding keys to enter into their network.

The leaked GCHQ slide from 2010 showed that the UK spy agency had implanted software on several machines in Gemalto’s network and that they had access to their entire network.

GCHQ also had control over several telcos’ core network and billing systems, the latter being used to suppress activities that may have shown up during operations.

Pages

Comments
No Comments Yet! Be the first to share what you think!
This website uses cookies
This provides customers with a personalized experience and increases the efficiency of visiting the site, allowing us to provide the most efficient service. By using the website and accepting the terms of the policy, you consent to the use of cookies in accordance with the terms of this policy.