Update: Gemalto released more details on the results of its investigation. The SIM maker acknowledged that the attacks publicized by The Intercept likely happened, but denied that the attacks resulted in a massive security breach. According to Gemalto, the NSA/GCHQ attack could only affect a small number of encryption keys, and only 2G networks. 3G and 4G SIM cards were not impacted by the breach, said the company. Check out Gemalto’s full statement.
Original post, February 23
Just a few days ago, a report claimed that documents leaked by NSA whistleblower Edward Snowden revealed that the American NSA and the British GCHQ (Government Communications Headquarters) hacked into a major SIM card manufacturer’s systems to steal encryption keys back in 2010. But today, Dutch SIM card manufacturer Gemalto has just announced that their SIM cards are secure following the massive security breach.
As reported by The Intercept, the two security agencies stole an immeasurable amount of encryption keys from the SIM card company, which allowed them to intercept otherwise locked-down data from users including voice, text and more. To make matters worse, Gemalto is one of the biggest SIM manufacturers in the world, supplying over two billion SIM cards per year and spanning throughout all four major US carriers as well as hundreds of other mobile service providers.
In a statement released earlier today, here’s what Gemalto had to say about the hack:
Gemalto, the world leader in digital security, is devoting the necessary resources to investigate and understand the scope of such sophisticated techniques. Initial conclusions already indicate that Gemalto SIM products (as well as banking cards, passports and other products and platforms) are secure and the Company doesn’t expect to endure a significant financial prejudice.
The company will announce the results of its investigations on Wednesday, February 25th in a press release and a press conference. We’ll have to wait until then for the full results, but according to Gemalto, everything is looking secure so far.