Gemalto: NSA attacked our SIMs, however not on a grand scale
SIM chip maker Gemalto has confirmed that US and UK intelligence providers doubtless attacked it, however stated it “couldn’t have resulted in an enormous theft of SIM encryption keys.” Its feedback stemmed from a current Edward Snowden leak, which revealed a coordinated assault on Gemalto by the NSA and British GCHQ. Following an inner investigation, the beforehand low-profile firm stated that a “refined” intrustion by the intelligence businesses did happen in 2010-eleven for the aim of intercepting encyption keys despatched to carriers. It stated that the assaults consisted of e mail “phishing” and spying on workplace networks, and added that a number of makes an attempt have been made to entry the PCs of particular person Gemalto staff.
Nevertheless, it concluded that not one of the spying “might have resulted in an enormous theft of SIM encryption keys.” For one, Snowden mistakenly stated that Gemalto provided SIMs to operators it does not do enterprise with, and incorrectly recognized non-existant Gemalto workplaces in a number of nations. The corporate added that the corporate used a safe switch system between operators beginning in 2010, which might have left it weak solely in “uncommon instances.” Lastly, it stated that if any keys have been stolen, businesses might solely monitor 2G networks, since 3G and 4G networks “usually are not weak to any such assault.”
Regardless of that, the corporate stated that people and operators can take sure counter-measures. Particularly, it stated operators ought to be utilizing custom-made SIM-encryption algorithms, and people ought to “systematically encrypt” saved and tramsmitted knowledge.