Best daily deals

Affiliate links on Android Authority may earn us a commission. Learn more.

The NSA and GCHQ hacked a SIM card maker to steal your data

According to new leaked documents, the NSA and GCHQ hacked into Dutch SIM card manufacturer Gemalto's computers, stealing an immeasurable amount of encryption keys from the SIM card company.
By
February 19, 2015
sim card

In a new report from The Intercept, the NSA and GCHQ (Government Communications Headquarters) hacked into Dutch SIM card manufacturer Gemalto’s computers back in April 2010. The two government agencies, along with the Mobile Handset Exploitation Team (MHET), stole an immeasurable amount of encryption keys from the SIM card company, which allows them to intercept otherwise locked-down data from users including voice, text and more. The documents containing proof were leaked to The Intercept by former NSA member Edward Snowden. Gemalto is currently one of the world’s largest SIM card manufacturers, producing two billion SIM cards per year and spanning throughout all four major US carriers as well as hundreds of other mobile service providers. There’s currently no word as to exactly how many users are affected by the hack.

With the stolen encryption keys, the NSA and GCHQ can track mobile communication without first getting approval from telecom companies. The report adds:

Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider’s network that the communications were intercepted. Bulk key theft additionally enables the intelligence agencies to unlock any previously encrypted communications they had already intercepted, but did not yet have the ability to decrypt. As part of the covert operations against Gemalto, spies from GCHQ — with support from the NSA — mined the private communications of unwitting engineers and other company employees in multiple countries.

Gemalto was completely oblivious of the hack. Paul Beverly, CEO of Gemalto, explains, “The most important thing for me is to understand exactly how this was done, so we can take every measure to ensure that it doesn’t happen again.”

This is absolutely a huge negative on the mobile security front, which has already gotten a reputation of being quite precarious. If you have yet to read the full report from The Intercept, I’d suggest you do so. It may be a bit long, but it’s very informative and extremely eye-opening.