Opinions clash over severity of spy agency SIM card hack

Last week we saw the emergence of a troubling report, one claiming that the GCHQ and NSA compromised the security of SIM-card-maker Gemalto, accessing encryption keys that would in theory allow the spy agencies to passively monitor cellular communications as they moved from our phones to cellular towers. It was quite the alarming claim, but one that was difficult to immediately quantify in terms of its impact on end users: just what could such a hack conceivably mean for the security of your data? Today Gemalto has released a follow-up statement looking into the scope of the attack on its networks, while another report warns of some even more severe consequences.

The general tone of Gemalto’s internal inquiry is that for the most part, this hack probably isn’t a big deal. It claims that the agencies in question would have had, at worst, access to some office networks that wouldn’t empower them to steal encryption keys en masse. While it acknowledges that some attacks may have been possible, it suggests we’re not looking at a situation where these spies have access to the keys protecting billions and billions of SIMs. And though keys could have been grabbed when sharing them with certain carriers, Gemalto uses a secure communication scheme for the majority of such transfers, one it does not believe is implicated in these hacks.

That said, in cases where the NSA and GCHQ did get their dirty little hands on keys, it’s possible that they could be up to a lot worse than simply monitoring cellular traffic. Possession of SIM OTA (over-the-air) keys would enable these agencies to remotely install malicious software directly onto the SIM cards of targeted phones. These programs could force SIMs to turn against their users, continually reporting location data back to the agencies, or selectively interfering with communications.

Source: Gemalto, The Verge

About The Author
Stephen Schenck