Gemalto Denies Phone SIM Card Encryption Hack

The giant Dutch SIM card company reportedly hacked by U.S. and/or U.K. spy agencies says the intrusion "probably happened," but added the attack "could not have resulted in a massive theft of SIM encryption keys" as reported last week by The Intercept. That article cited documents provided by former National Security Agency contractor Edward Snowden to allege the breach "gave surveillance agencies the potential to secretly monitor a large portion of the world's cellular communications."

Amsterdam-based Gemalto released a statement Wednesday that it had conducted a thorough investigation of the alleged hack and identified "two particularly sophisticated intrusions which could be related to the operation." The two incidents, which occurred in June and July of 2010, involved suspicious activity centered on the company's network and fake e-mails with an attachment that could download malware.

In both cases, Gemalto says it took immediate action to deal with the threats. However, it added, both intrusions affected only the company's office networks. "The SIM encryption keys and other customer data in general are not stored on these networks," a statement from the company said.

Largest Maker of SIM Cards

Founded in 2006, Gemalto is a publicly traded company and the world's largest maker of SIM (subscriber identity module) cards for mobile devices. With a slogan of "Security to be free," Gemalto also provides other digital security products and services, and reported 2013 revenues of 2.4 billion euros ($2.7 billion).

Every SIM card uses a unique "Ki" authentication key to verify users' identities to their mobile phone carriers. SIM cards also use OTA keys for "over-the-air" installation of software updates.

"It is extremely difficult to remotely attack a large number of SIM cards on an individual basis," Gemalto's latest statement noted. "This fact, combined with the complex architecture of our networks, explains why the intelligence services...

Comments are closed.