Dutch SIM card maker Gemalto says its SIM cards are “secure” despite a report that US and UK spies hacked the company and stole encryption keys that would allow them to intercept mobile communications.
Gemalto, the world's main supplier of SIM cards, claims its SIM cards remain secure even after claims in a report last week by The Intercept that the Government Communications HeadQuarters (GCHQ) and the US National Security Agency (NSA) stole the encryption keys on its SIM cards.
“Initial conclusions already indicate that Gemalto SIM products (as well as banking cards, passports and other products and platforms) are secure and the company doesn't expect to endure a significant financial prejudice,” Gemalto said in a statement on Monday.
Gemalto produces around two billion SIM cards each year that are supplied to 450 mobile network operators around the globe. Operators are given keys from Gemalto that match the keys on the SIM cards. The keys are essential for encrypting communications between a device and the operator and for the operator to recognise a device.
The report claimed that a mobile hacking unit consisting of NSA and GCHQ agents hacked Gemalto and nabbed the keys as they were en route to operators. The keys would help them bypass the need for a warrant network operators when they want to capture and decrypt mobile communications.
The attack was detailed in a 2010 report leaked by former NSA contractor Edward Snowden.
Gemalto launched its investigation on Friday and said that it couldn’t verify the claims in the report. It also had no knowledge of the operation prior to the report. The company’s shares fell four percent on Friday.
Gemalto will report the findings of its investigation on on Wednesday February 25.
This article is brought to you by Enex TestLab, content directors for CSO Australia.
Upcoming IT Security Events
March 3rd, March 5th, March 9th 2015
Read more: Symantec draws new security picture
Join CSO for the day@#csoperspectives and hear from @kimzetter @LeviathanSec
3 International Keynote speakers, 36 Key IT Security Industry Speaker, 21 Exhibitors, Security Analysts and many more.. Register today
Dont miss one of the biggest IT Security events in ANZ (registration is free, but seats are limited)