Click to Skip Ad
Closing in...

Why the NSA SIM hack might be far more serious than you think

February 25th, 2015 at 6:50 AM
NSA Gemalto SIM Hack Spyware

A few days ago, a report revealed that spy agencies including the NSA and GCHQ, managed to bypass the security of SIM card manufacturer Gemalto and gain access to valuable encryption keys that protect cellphone signals. Even though Gemalto denied the reports, but The Verge points out that the hack might be more serious than initially believed, as it could give agencies the ability of infecting any phone using these specific SIM cards with additional spyware programs.

FROM EARLIER: Bombshell report reveals the NSA has stolen encryption keys for millions of SIM cards

Access to these encryption keys do not give governmental agencies only the power to monitor cellular communications, including calls and data, but they also come with additional perks, such as the power of instructing a device to install specific programs.

Spyware could be installed on the SIM card itself, and then it could be used to install additional spy apps on a phone without the user’s knowledge, or to retrieve data from it.

The NSA and GCHQ could use OTA keys — basically keys that let carriers push over-the-air updates to phones — in order to tell a phone to install a certain piece of software. OTA keys provide total access to a phone, and even allow agencies to delete any trace to suspicious OTA updates, making the spyware “completely hidden from the user,” as one security researcher has revealed.

Previous leaks have revealed certain malware apps that could take advantage of SIM exploits, allowing the NSA to grab location data through hidden SMS messages (see image below) and pull additional information including phone book, text and call logs from a device — though, at the time, the leaked presentations did not explain how the SIM malware would be delivered.

The NSA and GCHQ had full access to Gemalto’s network, last week’s report revealed, meaning they could have stolen OTA keys for later use.

Chris Smith started writing about gadgets as a hobby, and before he knew it he was sharing his views on tech stuff with readers around the world. Whenever he's not writing about gadgets he miserably fails to stay away from them, although he desperately tries. But that's not necessarily a bad thing.

Popular News