A lot of us had forgotten about Edward Snowden and his disruptive leaks until last week. As usual, anything Snowden means some highly sensitive information in line with cyber security. This time it looks like it’s a lot closer to home.
Last week The Intercept published a story on a hack into the internal computer network of Gemalto, one of the largest manufacturers of SIM cards in the world. Evidence, in the form of top secret documents, had been provided by Edward Snowden.
This hack was apparently a joint operation between the USA’s NSA and the Government Communications Headquarters (GCHQ) from the United Kingdom.
Information on the intrusion was laid out in a classified GCHQ document from 2010. The agencies were trying to gain the ability to monitor a large part of global voice and data communications.
All this was going to be made possible through stolen encryption keys which work to protect mobile phone privacy. The encryption keys allow the intelligence agencies to remotely monitor communications on mobile devices, even without prior approval from mobile networks and foreign governments.
Such access leaves no trace of intrusion, meaning that tools like wiretaps and exercises like decryption can be replaced. At the end of the day, there is no need to seek a warrant to access information from a subscriber’s device.
So what about NetOne SIM cards?
NetOne SIM cards are provided by Gemalto. When the NetOne OneWallet service was introduced, Gemalto was chosen as the technical partner to provide a secure mobile money solution that required the secure SIM cards that became a pre-requisite of the service.
While technically this places NetOne in the same pool of potential victims of this intrusion, for now there is no evidence to suggest that NetOne subscribers should be worried about remote access of their devices.
Clarification from Gemalto
Gemalto is still investigating the matter and has arranged a press conference tomorrow morning. The results are meant to allay fears of privacy invasion and probably shed more light on how far the intrusion went. Below is their statement thus far. We will be keen on the statement they issue tomorrow as it should clarify whether NetOne and its subscribers are victims in all of this.
Update on the SIM card encryption keys matter
Gemalto pursues its investigations following the article mentioning that in 2010 and 2011, a joint unit composed of operatives from the British GCHQ (Government Communications Headquarters) and the American NSA (National Security Agency) reportedly hacked SIM card encryption keys engraved in Gemalto and possibly other SIM vendors’ cards.
The Company will communicate on the results of its investigations on Wednesday, February 25, through a press release and a press conference that will be held in Paris at 10:30 am. The details of this press conference will be available on the Gemalto website at www.gemalto.com/companyinfo/media as of Tuesday, February 24, 2:00 pm.
Gemalto, the world leader in digital security, is devoting the necessary resources to investigate and understand the scope of such sophisticated techniques. Initial conclusions already indicate that Gemalto SIM products (as well as banking cards, passports and other products and platforms) are secure and the Company doesn’t expect to endure a significant financial prejudice.