U.S. and Britain Work Together to Pull off SIM Card Heist

U.S. and Britain Work Together to Pull off SIM Card Heist

Ever feel like you’re being watched or followed, but when you turn around no one is there? This could also be happening in your digital life. A new report by The Intercept claims that two of the world’s most powerful spy agencies, the NSA (US) and GCHQ (UK) worked in cahoots to hack the network of Gemalto, a major manufacturer of SIM cards to obtain secret keys that unlock phone data. This massive security breach means that your phone may be vulnerable.

The total number affected is still unknown; however, I suspect the number is fairly large since Gemalto has AT&T, Verizon, T-Mobile and Sprint as their customers.

NSA collects data over the Internet in these two ways:

  • Downstream collection: explicit requests to technology companies for user data; and
  • Upstream collection: pulling data directly from cables/airwaves.

Here’s how this data breach went down:

  • Individual employees of major telecom corps and SIM card manufacturers were targeted by GCHQ.
  • GCHQ accessed the employees’ email and Facebook accounts.
  • GCHQ gathered bits of information that lead them to Gemalto’s systems.
  • Many SIM card manufacturers sent weak keys or non-encrypted keys.

Things you should know about the security breach:

  • Gemalto produces approximately 2 billion SIM cards/year.
  • Gemalto’s motto – “Security to be Free.”
  • Stolen encryption keys enable monitoring of mobile communications.
  • Bulk key theft enables previously encrypted communications to be unlocked.
  • Gemalto seemed to be oblivious to the breach.

By pulling off this encryption key heist, these US and the UK intelligence agencies each have the ability to not only intercept but decrypt communications without informing the wireless network provider, foreign governments or the individual user targeted.

About the Author

Ginger Hill is Group Social Media Manager.

  • Fresh Security Perspective from AMAG’s New Sales Director A Fresh Perspective on Security

    Fred Nelson may be new to the security industry but his sales and leadership methods are time tested, and true. Fred joined AMAG only a few months ago, but brings with him a wealth of experience in sales and life balance solutions. This year is off to a good start for AMAG with new solutions on the horizon.

Digital Edition

  • Security Today Magazine - April 2022

    April 2022

    Featuring:

    • Similarities at Data Centers and Airports
    • Transitioning to the Cloud
    • Going High Tech
    • The Benefits of On-site Security
    • Optimizing Store Layouts

    View This Issue

  • Environmental Protection
  • Occupational Health & Safety
  • Infrastructure Solutions Group
  • Spaces4Learning
  • Campus Security & Life Safety