The world’s largest and primary manufacturer of SIM cards used by the majority of GSM and LTE carriers worldwide has completed an initial investigation into reports that the manufacturer was hacked by US and British intelligence agencies and subsequently obtained encryption keys used to encrypt SIM cards for the express purpose of eavesdropping on voice calls and data sessions without obtaining warrants. The encryption used by Gemalto for its SIM and secure elements products is used for fraud prevention but the measures are not meant to prevent eavesdropping.
Reports filed by The Intercept based on evidence provided by NSA whistleblower Edward Snowden claimed that both the US National Security Agency and England’s GCHQ hacked into systems belonging to Gemalto and other SIM card manufacturers beginning in 2010 to obtain access to the encryption keys necessary to bypass SIM card encryption found on millions of SIM cards in order to gain access to worldwide communications without obtaining official authorization to do so.
When the initial reports broke on Thursday, Gemalto issued the following statement on Friday:
Gemalto, the world leader in digital security, is especially vigilant against malicious hackers, and has detected, logged and mitigated many types of attempts over the years. At present we cannot prove a link between those past attempts and what was reported yesterday. We take this publication very seriously and will devote all resources necessary to fully investigate and understand the scope of such sophisticated techniques. ?
This morning, Gemalto released a new statement following the results of their initial investigation:
Initial conclusions already indicate that Gemalto SIM products (as well as banking cards, passports and other products and platforms) are secure.
The company will hold a press conference on Wednesday to announce the complete results of its investigation into the hacking claims.
