Gemalto confirms NSA breach but says encryption keys weren't stolen

Posted on Wednesday, Feb 25 2015 @ 13:57 CET by Thomas De Maesschalck
Last week it was reported that the NSA had broken into the systems of Gemalto, one of world's largest SIM card manufacturers, and has acquired SIM card encryption keys.

Gemalto just published the findings of its investigations into the alleged hacking by the NSA and GCHQ. The company confirms its office networks were most likely breached by a NSA/GCHQ operation but claims a massive theft of SIM encryption keys is out of the question. You can read the full details of Gemalto's findings over here.
  • The investigation into the intrusion methods described in the document and the sophisticated attacks that Gemalto detected in 2010 and 2011 give us reasonable grounds to believe that an operation by NSA and GCHQ probably happened

  • The attacks against Gemalto only breached its office networks and could not have resulted in a massive theft of SIM encryption keys

  • The operation aimed to intercept the encryption keys as they were exchanged between mobile operators and their suppliers globally. By 2010, Gemalto had already widely deployed a secure transfer system with its customers and only rare exceptions to this scheme could have led to theft

  • In the case of an eventual key theft, the intelligence services would only be able to spy on communications on second generation 2G mobile networks. 3G and 4G networks are not vulnerable to this type of attack

  • None of our other products were impacted by this attack

  • The best counter-measures to these type of attacks are the systematic encryption of data when stored and in transit, the use of the latest SIM cards and customized algorithms for each operator

  • About the Author

    Thomas De Maesschalck

    Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.

    Loading Comments