Edward Snowden has been leaking classified NSA documents since mid-2013, and with his latest leak, he’s revealed some information that relates directly to mobile.
According to documents leaked by Snowden to The Intercept, the National Security Agency and the Government Communications Headquarters, or GCHQ, hacked into the network of Gemalto, a major manufacturer of SIM cards that produces approximately 2 billion SIMs per year. The hack allegedly gave the NSA and GCHQ access to encryption keys that allow the agencies to monitor both voice and data transmissions without the approval of carriers or governments. It’s said that when the agencies monitor mobile communications, there would be no trace that they had done so.
The NSA and GCHQ are said to have gained access to these encryption keys by cyberstalking Gemalto employees and straight-up hacking SIM manufacturers that utilized weak or no encryption to protect data. What’s more, Gemalto had no idea that this hack took place until it was notified by The Intercept. “I’m disturbed, quite concerned that this has happened, said Gemalto executive Paul Beverly. He went on to say that right now it’s important to understand how the hack was done and exactly how large the security breach was.
In addition to gaining SIM card encryption keys, it’s said that the NSA and GCHQ set their sights on the networks of unnamed cellular companies. The agencies gained access to cellular staff machines, giving them the ability to view customer information.
Details on exactly how many people have been affected by this hacking is unknown. Considering the size of Gemalto’s SIM production, including the fact that all four major U.S. carriers are customers of Gemalto’s, the agencies had access to quite a bit of information. The report is certainly unsettiling, especially since Gemalto had no idea that the hack took place and that the NSA and GCHQ could access communications without leaving any evidence that they had done so.
For the full report on this hack, hit up The Intercept using the link below.