A new Snowden leak a few days ago revealed that the NSA and GCHQ conducted a complex hacking operation focused on obtaining the encryption keys that protect mobile communications in devices with SIM cards. A subsequent report revealed that the spy agencies' goal might have been a lot bigger: they may have been hunting for other security keys that would let them deploy spyware on any mobile device with a SIM card inside, and users would have no idea that anything had happened.
Gemalto acknowledged the hack, but downplayed it, saying it couldn’t have resulted in a mass theft of SIM card keys. The company also said that even if the hack was successful, it wouldn’t actually be useful against 3G and 4G technologies. But The Intercept, which first shed light on the matter, has now raised several questions about the validity of Gemalto’s reassuring claims.
The publication spoke to many security experts who aren’t convinced that Gemalto has done a thorough investigation of the reported hack in less than a week. These experts claim that Gemalto is basically trying to put the story to bed and make sure its investors and customers stop worrying about the NSA and GCHQ being able to spy on potentially billions of handset users who have one such SIM card in their devices.
Gemalto might have made “erroneous statements about cellphone technology” and “highly questionable claims” regarding the matter.
Some security experts say that Gemalto’s security team wouldn’t even be able to recognize and deal with an attack coming from a government agency rather than a group of hackers acting on their own, as spy agencies can hit targets without leaving any traces. This appears to have been the case with this hack, which was first brought to the attention of the public and the company by a Snowden leak.
“Gemalto learned about this five-year-old hack by GCHQ when The Intercept called them up for a comment last week. That doesn’t sound like they’re on top of things, and it certainly suggests they don’t have the in-house capability to detect and thwart sophisticated state-sponsored attacks,” American Civil Liberties Union chief technologist Christopher Soghoian told the publication.
“Their ‘investigation’ seems to have consisted of asking their security team which attacks they detected over the past few years. That isn’t much of an investigation, and it certainly won’t reveal successful nation-state attacks,” he added.
“They are saying that NSA/GCHQ could not have breached those technologies due to ‘additional encryption’ mechanisms that they don’t specify and yet here we have evidence that GCHQ and NSA were actively compromising encryption keys,” Johns Hopkins Information Security Institute cryptography specialist Matthew Green said.