Following reports that claimed the NSA and GCHQ may have targeted Gemalto, one of the main phone SIM cards makers, the company revealed that such attacks indeed took place in 2010 and 2011, though the hackers were not able to steal SIM keys, as had been reported by the media.
Gemalto says that in 2010 and 2011 its network was hit by “particularly sophisticated intrusions” that are now believed to have been conducted by U.S. and U.K. spy agencies, but the company says the NSA and GCHQ were not actually able to penetrate the secure network where such sensitive SIM data is handled. The company also says it can’t prove the agencies were behind the attacks.
“It is important to understand that our network architecture is designed like a cross between an onion and an orange; it has multiple layers and segments which help to cluster and isolate data,” the company said.
Furthermore, Gemalto added that any interception made by the NSA and GCHQ would’t have compromised its newer 3G and 4G SIM cards, which don’t require the company to send encryption keys to telecom companies.
The company has over 450 mobile network operators as customers, which means billions of mobile device users might currently use one such SIM card.
An earlier report revealed that the Gemalto hack might be even more dangerous than initially believed, as it would allow a spy agency to inject malware into the SIM card itself, which in turn would let it further spy on the device undetected.
More details about the Gemalto hacks, as detailed in its own findings, are available at the source link.