British and American spies hacked the biggest Sim card manufacturer in the world, allowing them to listen in on much of the world’s phone communications.
Gemalto, the company targeted by the hack, makes 2 billion Sim cards per year for 450 networks in most large countries around the world. Users would have no idea that their phone calls and data had been intercepted, and the breach appears to have been in effect for years.
The NSA and GCHQ broke into Gemalto to find the encryption keys for Sim cards, the small cards put in phones to allow them to access cellular networks. That gave them full access to communications, according to a GCHQ document leaked by Edward Snowden and reported by The Intercept.
The keys allow the intelligence agencies to listen in on communications without getting approval from either telecom companies or the governments of the people that they are listening in on.
They also leave no trace, either on the phone or on the provider's network, that communications have been monitored.
Gemalto’s executive vice president told The Intercept that the company was unaware of the breach but was now working to stem its effects.
“I’m disturbed, quite concerned that this has happened,” Paul Beverly said. “The most important thing for me is to understand exactly how this was done, so we can take every measure to ensure that it doesn’t happen again, and also to make sure that there’s no impact on the telecom operators that we have served in a very trusted manner for many years.”
Privacy and security experts said the breach was akin to stealing the master key for a block of flats, The Intercept said. “Once you have the keys, decrypting traffic is trivial,” Christopher Soghoian from the American Civil Liberties Union told the site.
The encryption used by Sim cards has long been criticised as being built on 1970s standards that are easy to break into — in 2013, analysts showed that it was possible to break into one of the cards just by sending a text.