Monday, 29 June 2015

News

Sim card db hacked

According to documents newly released by Edward Snowden, US and UK spies hacked into the world’s largest SIM-card manufacturer. This gave them unfettered access to billions of cellphones all over the world. Apparently, this news can spark another international row into overreach by surveillance agencies.
screenshot_22.png

It turned out that the National Security Agency (NSA) and its UK peer GCHQ hacked into Gemalto, a Netherlands SIM-card manufacturer, by stealing encryption keys – this allowed the agencies to secretly monitor voice calls and data. In other words, this hack enabled the agencies to monitor a large portion of the world’s cellular communications. This, of course, violates international laws.

The Electronic Frontier Foundation (EFF) claimed there was no doubt that NSA and GCHQ had violated Dutch law and are likely to violate laws in many other countries where they used the hacked keys. The consumer privacy outfits also point out that the scale of the hack and its international reach will once again reopen wounds in the diplomatic community. As you know, the US government faced intense criticism from Germany, Brazil, other nations and its own citizens over information disclosed by Snowden.

It became known, for example, that Angela Merkel, the German chancellor, was the target of an NSA spying campaign, and this soured US-German relations. Brazil’s president Dilma Rousseff has also accused the US agency of violating international law.

As for the SIM-card manufacture hack, the attacks could still be ongoing. The Netherlands company produces 2bn SIM-cards each year for major clients: AT&T, Sprint, T-Mobile and Verizon. Gemalto operates in 85 countries and provides SIM-cards to about 450 wireless network providers all over the world.

Encryption keys stolen by NSA and GCHQ would allow them to monitor mobile communications without the consent or knowledge of telecom companies or foreign governments. As you know, calls made on 3G and 4G mobile networks are encrypted, but with the encryption keys any communication made on a device can be accessed (unless you use an extra layer of encryption).

The recent news means that it is difficult for anyone to trust the security of a cellphone, and the situation is unlikely to change anytime soon. Apparently, there is no reason for people to trust their network providers at this point, because their systems remain insecure. So, the stolen keys would allow the spy agencies to target whoever they wanted, even in countries where the government will not cooperate.

As for Gemalto, the company was totally oblivious to the penetration of its systems and promised to do its best to ensure that it doesn’t happen again. It turned out that the company was targeted by the Mobile Handset Exploitation Team (MHET), a unit formed by the surveillance agencies 5 years ago to target vulnerabilities in cell phones. The encryption keys were stolen in a clandestine operation targeting the email and Facebook accounts of Gemalto employees.

No comments:

Post a Comment