A few days ago, a report revealed that spy agencies, including the NSA and GCHQ, managed to bypass the security of SIM card manufacturer Gemalto and gain access to valuable encryption keys that protect cellphone signals. Even though Gemalto denied the reports, The Verge points out that the hack might be more serious than initially believed, as it could give agencies the ability to infect any phone using these specific SIM cards with additional spyware programs.
Access to these encryption keys does not only give governmental agencies the power to monitor cellular communications, including calls and data; it also comes with additional perks, such as the power to instruct a device to install specific programs.
Spyware could be installed on the SIM card itself, and then it could be used to install additional spy apps on a phone without the user’s knowledge, or to retrieve data from it.
The NSA and GCHQ could use OTA keys — basically keys that let carriers push over-the-air updates to phones — in order to tell a phone to install a certain piece of software. OTA keys provide total access to a phone, and even allow agencies to delete any trace of suspicious OTA updates, making the spyware “completely hidden from the user,” as one security researcher has revealed.
Previous leaks have revealed certain malware apps that could take advantage of SIM exploits, allowing the NSA to grab location data through hidden SMS messages (see image below) and pull additional information including phone book, text and call logs from a device — though, at the time, the leaked presentations did not explain how the SIM malware would be delivered.
The NSA and GCHQ had full access to Gemalto’s network, last week’s report revealed, meaning they could have stolen OTA keys for later use.