Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

US, British Spies Hacked Mobile SIM Card Keys: Report

US and British intelligence services can tap into mobile voice and data communications of many devices after stealing encryption keys of a major SIM card maker, a report said Thursday.

US and British intelligence services can tap into mobile voice and data communications of many devices after stealing encryption keys of a major SIM card maker, a report said Thursday.

The report, from investigative website The Intercept, said the US National Security Agency and its British counterpart GCHQ obtained encryption keys of the global SIM manufacturer Gemalto.

Citing a 2010 document leaked by former NSA contractor Edward Snowden, the report said that with the encryption keys, the intelligence services can secretly monitor a large portion of global communications over mobile devices without using a warrant or wiretap.

The Intercept said a covert operation led by GCHQ with support from the NSA was able to mine private communications of unwitting engineers at Gemalto, which is based in the Netherlands.

The report suggests the intelligence services could have access to a wider range of communications than has been previously reported.

Other documents have indicated NSA can monitor email and traditional phone communications.

The NSA did not immediately respond to an AFP request for comment.

A Gemalto spokeswoman said in an email to AFP that the company “is especially vigilant against malicious hackers and of course has detected, logged and mitigated many types of attempts over the years.” Gemalto “at present can make no link between any of those past attempts and what was reported by The Intercept,” the statement said.

Advertisement. Scroll to continue reading.

“We take this publication very seriously and will devote all resources necessary to fully investigate and understand the scope of such highly sophisticated technique to try to obtain SIM card data.”

It added that the intended target was “not Gemalto, per se — it was an attempt to try and cast the widest net possible to reach as many mobile phones as possible.”

Gemalto, which produces billions of SIM cards and other digital identity products, describes itself as a provider of “trusted and convenient digital services to billions of individuals.”

The company was formed in 2006 by a merger of Axalto Holding NV and French-based Gemplus International.

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Samsung smartphone users warned about CVE-2023-21492, an ASLR bypass vulnerability exploited in the wild, likely by a spyware vendor.

Cybercrime

Daniel Kelley was just 18 years old when he was arrested and charged on thirty counts – most infamously for the 2015 hack of...

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Fraud & Identity Theft

A team of researchers has demonstrated a new attack method that affects iPhone owners who use Apple Pay and Visa payment cards. The vulnerabilities...