Sim card database hacked: NSA and GCHQ stole details to listen in on phone calls

The breach has been compared to getting the master key for a block of flats — making breaking into any one of them much easier

Andrew Griffin
Friday 20 February 2015 10:00
Comments

British and American spies hacked the biggest Sim card manufacturer in the world, allowing them to listen in on much of the world’s phone communications.

Gemalto, the company targeted by the hack, makes 2 billion Sim cards per year for 450 networks in most large countries around the world. Users would have no idea that their phone calls and data had been intercepted, and the breach appears to have been in effect for years.

The NSA and GCHQ broke into Gemalto to find the encryption keys for Sim cards, the small cards put in phones to allow them to access cellular networks. That gave them full access to communications, according to a GCHQ document leaked by Edward Snowden and reported by The Intercept.

The keys allow the intelligence agencies to listen in on communications without getting approval from either telecom companies or the governments of the people that they are listening in on.

They also leave no trace on the phone, or on the network of the network provider, that communications have been monitored.

Gemalto’s executive vice president told The Intercept that the company was unaware of the breach but was now working to stem its effects.

“I’m disturbed, quite concerned that this has happened,” Paul Beverly said. “The most important thing for me is to understand exactly how this was done, so we can take every measure to ensure that it doesn’t happen again, and also to make sure that there’s no impact on the telecom operators that we have served in a very trusted manner for many years.”

Privacy and security experts said the breach was akin to stealing the master key for a block of flats, The Intercept said. “Once you have the keys, decrypting traffic is trivial,” Christopher Soghoian from the American Civil Liberties Union told the site.

The encryption used by Sim cards has long been criticised as being built on 1970s standards that are easy to break into — in 2013, analysts showed that it was possible to break into one of the cards just by sending a text.

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Please enter a valid email
Please enter a valid email
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Please enter your first name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
Please enter your last name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
You must be over 18 years old to register
You must be over 18 years old to register
Opt-out-policy
You can opt-out at any time by signing in to your account to manage your preferences. Each email has a link to unsubscribe.

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged in