Gemalto found itself at the center of a new hacking scandal this week after The Intercept reported the SIM card maker was compromised by the NSA and the UK's Government Communications Headquarters (GCHQ). The Intercept claims the U.S. and British spy agencies stole the encryption keys for SIM cards so they would be able to secretly monitor cell phone users around the world. With the keys in hand, the agencies could snoop around completely undetected by the targets or the network operators, and could do so without warrants. SIM cards are used in most mobile phones to identify the customer and allow the device to access the network. They are protected by light encryption, but only to prevent fraud -- not hacking. Possessing the encryption keys to the cards allowed the agencies to bypass the built-in security measures completely. In order to do this, the agencies monitored Gemalto employees and eventually broke into Gemalto's computer systems. The hacks took place in 2010, and Gemalto was completely unaware of the breech until contacted by The Intercept. The company issued a statement today, saying, "Gemalto is especially vigilant against malicious hackers, and has detected, logged and mitigated many types of attempts over the years. At present we cannot prove a link between those past attempts and what was reported yesterday. We take this publication very seriously and will devote all resources necessary to fully investigate and understand the scope of such sophisticated techniques." Gemalto is the world's largest manufacturer of SIM cards and ships about two billion SIM cards per year. The company is headquartered in The Netherlands, but has a large office in Texas and a manufacturing plant in Pennsylvania. AT&T, Sprint, T-Mobile, and Verizon Wireless all use Gemalto SIM cards in their mobile devices, as do 450 other mobile network operators around the globe. The Intercept's report is based on documents released by NSA leaker Edward Snowden.
More...
Bookmarks