checkAd

     677  0 Kommentare Gemalto presents the findings of its investigations into the alleged hacking of SIM card encryption keys - Seite 3


       
    The risk of the data being intercepted as it was shared with our customers was greatly reduced with the generalization of highly secure exchange processes that we had put in place well before 2010. The report indicates that attacks were targeted at mobile operators in Afghanistan, Yemen, India, Serbia, Iran, Iceland, Somalia, Pakistan and Tajikistan. It also states that when operators used secure data exchange methods the interception technique did not work. In particular it ".failed to produce results against Pakistani networks". We can confirm that the transmission of data between Pakistani operators and Gemalto used the highly secure exchange process at that time. In 2010 though, these data transmission methods were not universally used and certain operators and suppliers had opted not to use them. In Gemalto's case, the secure transfer system was standard practice and its non-use would only occur in exceptional circumstances.
      
    The analysis of the documents shows that the NSA and GCHQ targeted numerous parties beyond Gemalto. As the leader in the market, Gemalto may have been the target of choice for the intelligence services in order to reach the highest number of mobile phones. However, we can see in the document that many aspects do not relate to Gemalto, for example:
    • Gemalto has never sold SIM cards to four of the twelve operators listed in the documents, in particular to the Somali carrier where a reported 300,000 keys were stolen.
    • A list claiming to represent the locations of our personalization centers shows SIM card personalization centers in Japan, Colombia and Italy. However, we did not operate personalization centers in these countries at the time.
    • Table 2 indicates that only 2% of the exchanges of encryption keys (38/1719) came from SIM suppliers and states that the use of strong encryption methods by SIM suppliers means that the other groups (98%) are much more vulnerable to these types of attacks.  

    In 2010-2011 most operators in the targeted countries were still using 2G networks. The security level of this second generation technology was initially developed in the 1980s and was already considered weak and outdated by 2010. If the 2G SIM card encryption keys were to be intercepted by the intelligence services, it would be technically possible for them to spy on communications when the SIM card was in use in a mobile phone. This is a known weakness of the old 2G technology and for many years we have recommended that operators deploy extra security mechanisms. However, even if the encryption keys were intercepted by the Intelligence services they would have been of limited use. This is because most 2G SIMs in service at that time in these countries were prepaid cards which have a very short life cycle, typically between 3 and 6 months.

    Lesen Sie auch

    Seite 3 von 6
       




    GlobeNewswire
    0 Follower
    Autor folgen
    RSS-Feed abonnieren

    Verfasst von GlobeNewswire
    1 im Artikel enthaltener WertIm Artikel enthaltene Werte
    Gemalto presents the findings of its investigations into the alleged hacking of SIM card encryption keys - Seite 3 The investigation into the intrusion methods described in the document and the sophisticated attacks that Gemalto detected in 2010 and 2011 give us reasonable grounds to believe that an operation by NSA and GCHQ probably happened  The attacks …