Dutch SIM card manufacturer Gemalto says its networks were “probably” hacked, but that encryption keys were not compromised. It made the statement while sharing the findings of its internal investigation into claims its systems were breached by the NSA and GCHQ.
Gemalto said yesterday that it believes its SIM cards are secure. In its report today, it adds that it implemented a secure transfer system for SIM keys with mobile operators in 2010, and that the breach would most likely not have affected its operations.
The company also says that even if the intelligence agencies had managed to steal these keys, they would only be able to spy on 2G mobile traffic as 3G and 4G connections aren’t susceptible to such attacks. The security flaws in the original 2G standards were removed with proprietary algorithms that continue to be used by major mobile operators.
The findings reveal that Gemalto had detected two intrusions in 2010 and 2011, which it believes could be related to the US and UK intelligence agencies’ operations. It also states that “Gemalto has never sold SIM cards to four of the twelve operators listed in the documents, in particular to the Somali carrier where a reported 300,000 keys were stolen.”
The investigation was prompted by a report published by The Intercept last week, which detailed the NSA and GCHQ’s attempts to monitor communications across the world over cellular voice and data.
➤ Gemalto presents the findings of its investigations into the alleged hacking of SIM card encryption keys by Britain’s Government Communications Headquarters (GCHQ) and the U.S. National Security Agency (NSA) [Gemalto]
Image credit: Shutterstock