Last week it was reported that the NSA had broken into the systems of Gemalto, one of the world's largest SIM card manufacturers, and had acquired SIM card encryption keys.
Gemalto just published the findings of its investigations into the alleged hacking by the NSA and GCHQ. The company confirms its office networks were most likely breached by an NSA/GCHQ operation but claims a massive theft of SIM encryption keys is out of the question. You can read the full details of Gemalto's findings over here.
The investigation into the intrusion methods described in the document and the sophisticated attacks that Gemalto detected in 2010 and 2011 give us reasonable grounds to believe that an operation by NSA and GCHQ probably happened.
The attacks against Gemalto only breached its office networks and could not have resulted in a massive theft of SIM encryption keys.
The operation aimed to intercept the encryption keys as they were exchanged between mobile operators and their suppliers globally. By 2010, Gemalto had already widely deployed a secure transfer system with its customers and only rare exceptions to this scheme could have led to theft.
In the case of an eventual key theft, the intelligence services would only be able to spy on communications on second generation 2G mobile networks. 3G and 4G networks are not vulnerable to this type of attack.
None of our other products were impacted by this attack.
The best counter-measures to these types of attacks are the systematic encryption of data when stored and in transit, the use of the latest SIM cards and customized algorithms for each operator.