Wednesday, February 25, 2015

Gemalto: NSA attacked our SIMs, but not on a grand scale


SIM chip maker Gemalto has confirmed that US and UK intelligence services likely attacked it, but said the attack "could not have resulted in a massive theft of SIM encryption keys." Its comments stemmed from a recent Edward Snowden leak, which revealed a coordinated attack on Gemalto by the NSA and British GCHQ. Following an internal investigation, the previously low-profile company said that a "sophisticated" intrusion by the intelligence agencies did occur in 2010-11 for the purpose of intercepting encryption keys sent to carriers. It said that the attacks consisted of email "phishing" and spying on office networks, and added that several attempts were made to access the PCs of individual Gemalto employees.


However, it concluded that none of the spying "could have resulted in a massive theft of SIM encryption keys." For one, Snowden mistakenly said that Gemalto supplied SIMs to operators it doesn't do business with, and incorrectly identified non-existent Gemalto offices in several nations. The company added that it used a secure transfer system between operators starting in 2010, which would have left it vulnerable only in "rare cases." Finally, it said that if any keys were stolen, agencies could only track 2G networks, since 3G and 4G networks "are not vulnerable to this type of attack."


Despite that, the company said that individuals and operators can take certain counter-measures. Specifically, it said operators should be using customized SIM-encryption algorithms, and individuals should "systematically encrypt" stored and transmitted data.

