SIM Card manufacturer Gemalto, who according to NSA leaker Edward Snowden was reportedly hacked by the USA’s National Security Agency (NSA) and the UK’s Government Communications Headquarters (GCHQ) in 2010, has responded to the claims after an internal investigation.
The company has come out after it was alleged that the NSA and GCHQ had stolen master encryption keys for SIM cards manufactured by them and sold on to over 450 wireless network operators in 85 countries around the world. The internal investigation has found that the hack ‘probably happened’, but that ‘The attacks against Gemalto only breached its office networks and could not have resulted in a massive theft of SIM encryption keys’.
So while Gemalto may have been hacked, the probability of a wide-spread breach of SIM card security has been over-stated. Gemalto advised they had undertaken precautions prior to the supposed hack, which saw them use a secure transfer system to transfer keys to their customers. Furthermore, they advised
In the case of an eventual key theft, the intelligence services would only be able to spy on communications on second generation 2G mobile networks. 3G and 4G networks are not vulnerable to this type of attack.
It’s a good outcome if this is all indeed true. SIM card security remains in-tact and you can probably remove your tin-foil hat, for now.
