SIM Card Manufacturer Says Its Encryption Keys Are Safe From NSA Hacking


I’m passing this along without comment since I don’t have anything substantive to add. I just wanted to keep everyone up to date on the Intercept story about the NSA stealing cell phone encryption data stored on SIM chips:

Security-chip maker Gemalto NV said Wednesday that American and British intelligence services could be responsible for a “particularly sophisticated intrusion” of its networks several years ago, but denied that the alleged hack could have widely compromised encryption it builds into chips used in billions of cellphones world-wide.

….Company executives also asserted that the interceptions wouldn’t have compromised the security of its newer SIM cards for 3G and 4G cellular networks, only older 2G networks. The reason: Gemalto says the new technology no longer requires it to send telecom companies the keys to decrypt individuals’ communications—so they couldn’t have been intercepted.

Hmmm. On the one hand, many of the Snowden documents are indeed fairly old, dating back to 2010 or 2011. So they could be out of date. On the other hand, the NSA didn’t necessarily have to “intercept” anything here. A sufficiently sophisticated hack could presumably have given them direct access to the Gemalto database that contains the encryption keys. And needless to say, Gemalto has a vested interest in assuring everyone that their current products are safe.

So….who knows what really happened here. We’ll likely hear more about it as Gemalto’s internal investigation continues.