Spy agencies compromised world’s largest SIM card maker

It’s no secret that governmental agencies the world around are using all sorts of techniques to monitor what we do on our smartphones. Sometimes that’s using a court order to get access to a suspect’s device; sometimes that’s convincing a carrier to hand over bulk records for all its subscribers, guilty and innocent alike; sometimes it even means setting up a fake cellular tower to trick our phones into giving up information on themselves. But now a new report shines light on what could be one of the most far-reaching efforts to date, as British and American spies infiltrated the company behind a good fraction of the world’s SIM cards, compromising the encryption keys that protect our smartphone communications.

Leaked GCHQ docs show the British agency working in concert with the NSA to get access to the internal network of Gemalto, a firm that makes upwards of two billion SIM chips a year, including those going out to subscribers of all four big US carriers.

sim-cardsCellular communications between your phone and your network’s towers are encrypted with the help of keys stored on those SIM chips, and by getting access to these keys before the SIMs even shipped out of the factory, the NSA and GCHQ appear to have given themselves the tools they need to passively sniff cellular data.

That’s hugely more advantageous than the tower-impersonation scheme we mentioned earlier, as it’s both nearly immune to detection and enables the gathering of data on a much larger scale.

The good news, if there’s any in all of this, is that your smartphone data (voice is another story) might already be hardened against such monitoring. If you’re using apps that implement their own encryption, as most good ones will do, being able to read data as it flies between your phone and the tower becomes of much limited use. If you funnel your phone data through an encrypted VPN, you’re doing one better, adding an extra layer of security for all your data.

Gemalto is currently investigating just how this all might have happened, and taking steps to see that its SIM keys are more secure in the future.

Source: The Intercept
Via: CrackBerry

Share This Post
Join the discussion...
About The Author
Stephen Schenck
Stephen has been writing about electronics since 2008, which only serves to frustrate him that he waited so long to combine his love of gadgets and his degree in writing. In his spare time, he collects console and arcade game hardware, is a motorcycle enthusiast, and enjoys trapping blue crabs. Stephen's first mobile device was a 624 MHz Dell Axim X30, which he's convinced is still a viable platform. Stephen longs for a market where phones are sold independently of service, and bandwidth is cheap and plentiful; he's not holding his breath. In the meantime, he devours smartphone news and tries to sort out the juicy bits Read more about Stephen Schenck!