Home > > NSA, GCHQ hacked SIM manufacturer, stole encryption keys: reports

NSA, GCHQ hacked SIM manufacturer, stole encryption keys: reports

Manufacturer Gemalto says it had no prior knowledge of spy agencies' operation

The aim of the attack was to steal encryption keys to SIM cards
The aim of the attack was to steal encryption keys to SIM cards

The United States NSA and the UK's GCHQ reportedly hacked into a major SIM card manufacturing firm, with the aim of using stolen codes to help monitor mobile phone conversation and activity.

The revelations were made last week as the latest round of Edward Snowden files were published by The Intercept. The company involved, Gemalto, said that it had no prior knowledge that agencies were conducting such an operation.  

"It was an attempt to try and cast the widest net possible to reach as many mobile phones as possible, with the aim to monitor mobile communications without mobile network operators and users consent," the company said in a prepared statement sent to ITP.net.

"We cannot at this early stage verify the findings of the publication and had no prior knowledge that these agencies were conducting this operation."

Gemalto later added that it would communicate the results of its investigations on Wednesday, February 25. However, the company said that initial conclusions indicated that its SIM products are secure.

According to the Intercept report, if the revelations are accurate, US and British spy agencies would have been able to monitor "a large portion" of the world's cellular communications, including voice and data. This is due to the fact that Gemalto manufactures SIM cards for some of the world's largest telecommunications firms, including AT&T and Verizon.

In the Middle East, Gemalto counts the Etisalat Group as a customer.

The report alleged that the joint NSA-GCHQ operation began in 2010. The aim was to steal encryption keys to SIM cards. SIM cards use encryption to secure communications between handsets and phone masts. However, with the encryption keys, the NSA and GCHQ would be able to monitor SIM card activity.  

Both organisations have declined to comment on the latest accusations.

In the meantime, while Gemalto said that it was unaware of the attack, said that it was devoting "all resources necessary" to investigate and understand the scope of the spy agencies' techniques.

"There have been many reported state sponsored attacks as of late, that all have gained attention both in the media and amongst businesses, this truly emphasises how serious cyber security is in this day and age," the company said.

"Gemalto, the world leader in digital security, is especially vigilant against malicious hackers, and has detected, logged and mitigated many types of attempts over the years."