Categories
News

Gemalto on SIM card encryption issues: Case closed, job done

Screenshot 2015-02-23 09.43.44

If you were following the SIM card encryption key news stories buzzing around, you’ll have recognised that industry heavyweight, Gemalto, was mentioned quite a bit.

They’ve done their analysis and published their findings — and it makes excellent reading. Here are the key bullet points:

  • The investigation into the intrusion methods described in the document and the sophisticated attacks that Gemalto detected in 2010 and 2011 give us reasonable grounds to believe that an operation by NSA and GCHQ probably happened
  • The attacks against Gemalto only breached its office networks and could not have resulted in a massive theft of SIM encryption keys
  • The operation aimed to intercept the encryption keys as they were exchanged between mobile operators and their suppliers globally. By 2010, Gemalto had already widely deployed a secure transfer system with its customers and only rare exceptions to this scheme could have led to theft
  • In the case of an eventual key theft, the intelligence services would only be able to spy on communications on second generation 2G mobile networks. 3G and 4G networks are not vulnerable to this type of attack
  • None of our other products were impacted by this attack
  • The best counter-measures to these type of attacks are the systematic encryption of data when stored and in transit, the use of the latest SIM cards and customized algorithms for each operator

I think they’ve done a very comprehensive job. Nice work Gemalto.

By Ewan

Ewan is Founder and Editor of Mobile Industry Review. He writes about a wide variety of industry issues and is usually active on Twitter most days. You can read more about him or reach him with these details.

One reply on “Gemalto on SIM card encryption issues: Case closed, job done”

Other commentators have a more skeptical view of Gemalto’s rather rushed “investigation” which they describe as more damage limitation/Investor-Press relations than a thorough piece of work

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.