Global Sources
EE Times-India
Stay in touch with EE Times India
EE Times-India > Interface

Gemalto acknowledges NSA, GCHQ hacking

Posted: 26 Feb 2015     Print Version  Bookmark and Share

Keywords:Gemalto  SIM  NSA  GCHQ  hack 

So you've already heard that U.S. and the UK security agencies have access to anything with a SIM card. SIM cards, as you would recall, are used in phones, bank cards and several other "e-cards." But those using 3G or 4G mobile networks need not panic.

Cellular users on the first iteration of the digital technology, 2G, however need to be aware that others might be listening in or hacking their texts. That is one of headline conclusions of Gemalto's internal investigations into last week's allegations, as reported in sister publication that the U.S. National Security Agency (NSA) and the British Government Communications Headquarters (GCHQ) allegedly stole encryption keys from the world's largest maker of SIM cards for mobiles and bank cards, which enabled the spies to eavesdrop on billions of phone calls and texts around the world.

The accusations about the sophisticated cyber hacking heist were made last week in the website The Intercept based on documents provided by whistle-blower Edward Snowden. The Franco-Dutch company—which makes about 2 billion SIM cards a year, and whose motto, ironically, is "Security to be Free"—immediately said it would investigate the allegations.

What Gemalto found

Gemalto acknowledged Wednesday (February 25) that "an operation by NSA and GCHQ probably happened." But just to calm nerves, it also stressed the attacks only breached its office networks "and could not have resulted in a massive theft of SIM encryption keys."

It added that the attack had no impact on its other products, such as chips for bank cards and e-passports. And just to reassure civilian users of its devices, Gemalto stressed it was committed to provide 'the best levels of security" that are audited and certified by third parties.

"Nevertheless, we are conscious that the most eminent state agencies, especially when they work together, have resources and legal support that go far beyond that of typical hackers and criminal organisations." Gemalto says in a press statement.

Gemalto also notes that the documents show GCHQ and NSA also targeted several SIM makers and 'other parties,' and refuted many of the allegations leaked to The Intercept.

For instance, the company stresses it never sold SIM cards to four of the twelve operators listed, and that several of the 'SIM personalisation centres' mentioned, notably in Italy, Japan and Columbia, did not operate at the time of the sting.

Perhaps the most surprising revelation by Gemalto is that back in 2010 and 2011 the company had knowledge of "two particularly sophisticated intrusions which could be related to the operation."

The company added: "At the time we were unable to identify the perpetrators but we now think they could be related to the NSA and GCHQ operation."

Gemalto now says that by that time, it had "already widely deployed a secure transfer system with its customers and only rare exceptions to this scheme could have led to theft."

And, not entirely reassuringly, in the case of an eventual key theft "the intelligence services would only be able to spy on communications on 2G mobile networks. 3G and 4G networks are not vulnerable to this type of attack."

The impact of the whole saga will have ripples around the world, for the makers of SIM cards, mobile communications network providers, and most importantly their users, in particular those who use their mobiles for payments.

1 • 2 Next Page Last Page

Comment on "Gemalto acknowledges NSA, GCHQ hacki..."
*  You can enter [0] more charecters.
*Verify code:


Visit Asia Webinars to learn about the latest in technology and get practical design tips.


Go to top             Connect on Facebook      Follow us on Twitter      Follow us on Orkut

Back to Top