Global Sources
EE Times-India
Stay in touch with EE Times India
EE Times-India > RF/Microwave

Gemalto acknowledges NSA, GCHQ hacking

Posted: 26 Feb 2015     Print Version  Bookmark and Share

Keywords:Gemalto  SIM  NSA  GCHQ  hack 

And the scale of the hack, as well as its global reach, will likely raise and reopen big issues again regarding the allegedly unlawful activities of the NSA in particular. The U.S. government is still trying to repair the damage from other Snowden revelations that the agency might have tapped the mobile phones of senior politicians in Germany and Brazil.

How they've done the hacking

According to the reports, the NSA and GCHQ joined forces early 2010 to form what they called The Mobile Handset Exploitation Team (MHET) specifically to crack the encryption keys of handsets and tablets that SIM makers embed into their devices. The corresponding keys are held by the network operator, and when a call is made, a secret 'handshake' validates the key, and the call becomes encrypted.

The MHET groups exploited loophole in the way Gemalto employees transferred the keys to the carriers—generally via e-mail or File Transfer Protocol. It did not help these Ki's (as they are known) have a remarkably slow turnover rate—they can stay stored for months or even years, and are thus prone to decryption. The agents used a very powerful program, called XKeyscore, developed by the NSA, to mine emails and web accounts of key personnel at the network operators.

The program was designed to reassemble and analyse the data packets it locates on a network. It is said to be sufficiently powerful to pull up the full contents of users' Web browser sessions.

Gradually, the agencies' operatives built up sufficient data to enable them to plant malware on several of Gemalto's servers.

Crucially, using fake cell towers and with their horde of encryption keys, the agencies could listen in to conversations and intercept data without asking governments or the courts for permission for a wiretap.

While clearly unlawful and shocking, should we really be so surprised that this has happened, and maybe is happening still. After all, SIM cards were not designed with total confidentiality in mind—originally, they were used for preventing fraud and to simplify billing systems.

And, whatever Gemalto says, SIM manufacturers and network operators have not made sufficient efforts in the past, to secure their supply chain.

- John Walko
  EE Times

 First Page Previous Page 1 • 2

Comment on "Gemalto acknowledges NSA, GCHQ hacki..."
*  You can enter [0] more charecters.
*Verify code:


Visit Asia Webinars to learn about the latest in technology and get practical design tips.


Go to top             Connect on Facebook      Follow us on Twitter      Follow us on Orkut

Back to Top