Gemalto says reports of its hack by the NSA and GCHQ were greatly exaggerated

In a press release late Tuesday night, Gemalto, one of the world’s largest SIM manufacturers, denied recent allegations that the company had a vast number of sensitive SIM encryption keys stolen by the National Security Agency (NSA) and Britain’s General Communications Headquarters (GCHQ).

The company's statement addressed a number of confidential documents from 2010 which were leaked by former NSA contractor Edward Snowden and published last week by The Intercept. The documents indicated that a task force organized by the NSA and GCHQ broke into Gemalto employee e-mails and found ways to steal the encryption keys corresponding to the SIMs that Gemalto manufactured and sent to mobile carriers. Such a hack would allow state-sponsored spies to decrypt traffic coming to a fake cell tower and thereby watch voice, data, and text messages without a wiretap.

But Gemalto says that after a “thorough investigation,” it concluded that although the company did experience hacks in 2010, it suffered none that could have resulted in the loss of the vast number of SIM encryption keys that The Intercept article referenced. And, the company continued, if some keys had been stolen, then technology pertaining to the 3G and 4G networks that Gemalto builds SIMs for would have prevented substantial hacking. The company believed 2G networks were the only ones that would have truly suffered under such a hack.

Read 8 remaining paragraphs | Comments