SecurityWeek

Mobile & Wireless

SIM Maker Gemalto Confirms Possible Spy Attacks

European SIM maker Gemalto said Wednesday it had suffered hacking attacks that may have been conducted by US and British intelligence agencies but denied any “massive theft” of encryption keys that could be used to spy on conversations.

Investigative website The Intercept last week said the US National Security Agency and Britain’s GCHQ hacked into the firm in 2010 and 2011 and stole SIM encryption keys, with which they can reportedly monitor communications over mobiles without using a warrant or wiretap.

The website made the allegations on the theft of the keys — which encrypt and decrypt data — based on a document leaked by former NSA contractor Edward Snowden, and its report prompted some experts to decry a huge breach in mobile privacy.

“In 2010 and 2011, we detected two particularly sophisticated intrusions which could be related to the operation,” Gemalto said in a statement.

“During the same period, we also detected several attempts to access the PCs of Gemalto employees who had regular contact with customers,” it added.

“At the time we were unable to identify the perpetrators but we now think that they could be related to the NSA and GCHQ operation.”

But the company denied that these attacks resulted in a large-scale theft of encryption keys.

“The attacks against Gemalto only breached its office networks and could not have resulted in a massive theft of SIM encryption keys,” it said.

The company said the aim of the operation was to intercept the encryption keys as they were exchanged between mobile operators and suppliers such as Gemalto.

But “by 2010, Gemalto had already widely deployed a secure transfer system with its customers and only rare exceptions to this scheme could have led to theft.”

“In the case of an eventual key theft, the intelligence services would only be able to spy on communications on second generation 2G mobile networks.

“3G and 4G networks are not vulnerable to this type of attack.”

The NSA has come under intense scrutiny both at home and abroad after Snowden leaked documents from June 2013 about government surveillance programs that sweep up data from Americans as well as foreigners.

The revelations led to a public outcry and strained relations with US allies.

Snowden, who fled the United States, has now sought temporary asylum in Russia.

US President Barack Obama vowed to reform the country’s surveillance programs following the outcry, but the US Senate in November blocked a bid by lawmakers to curb NSA bulk data collection.

The USA Freedom Act surveillance reform bill that was blocked would have reined in the NSA and also replaced the agency’s blanket authority with a far narrower one allowing it to obtain call records from phone companies but only in specific cases.

Written By

AFP 2023
