How Wireless Will Pave the Path to Neobank Profitability

I'm delighted to bring you an opinion...

An end of an era: Vodafone UK turns off 3G services

I thought it was worthwhile highlighting this...

Mobile World Congress: Did the mainstream media notice?

I resolved this year to make sure...

Gemalto on SIM card encryption issues: Case closed, job done

Screenshot 2015-02-23 09.43.44

If you were following the SIM card encryption key news stories buzzing around, you’ll have recognised that industry heavyweight, Gemalto, was mentioned quite a bit.

They’ve done their analysis and published their findings — and it makes excellent reading. Here are the key bullet points:

  • The investigation into the intrusion methods described in the document and the sophisticated attacks that Gemalto detected in 2010 and 2011 give us reasonable grounds to believe that an operation by NSA and GCHQ probably happened
  • The attacks against Gemalto only breached its office networks and could not have resulted in a massive theft of SIM encryption keys
  • The operation aimed to intercept the encryption keys as they were exchanged between mobile operators and their suppliers globally. By 2010, Gemalto had already widely deployed a secure transfer system with its customers and only rare exceptions to this scheme could have led to theft
  • In the case of an eventual key theft, the intelligence services would only be able to spy on communications on second generation 2G mobile networks. 3G and 4G networks are not vulnerable to this type of attack
  • None of our other products were impacted by this attack
  • The best counter-measures to these type of attacks are the systematic encryption of data when stored and in transit, the use of the latest SIM cards and customized algorithms for each operator

I think they’ve done a very comprehensive job. Nice work Gemalto.

1 COMMENT

  1. Other commentators have a more skeptical view of Gemalto’s rather rushed “investigation” which they describe as more damage limitation/Investor-Press relations than a thorough piece of work

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Recently Published

How Wireless Will Pave the Path to Neobank Profitability

I'm delighted to bring you an opinion piece from Rafa Plantier at Gigs.com. I think it's particularly relevant given the recent eSIM news from...

An end of an era: Vodafone UK turns off 3G services

I thought it was worthwhile highlighting this one from the Vodafone UK team. For so long - for what feels like years, seeing the...

Mobile World Congress: Did the mainstream media notice?

I resolved this year to make sure I wrote something - anything - about Mobile World Congress, the huge mobile industry trade show taking...

NordVPN: Thanks again, Revolut

When I upgraded to Revolut's Ultra offering, I did so with a strong focus on the Financial Times digital subscription which normally retails at...

Revolut’s Roaming eSIM: 1 week later

This week I have been using Revolut's new eSIM capability whilst I was in Sweden for Stockholm FinTech Week. I'm an Ultra subscriber so...

Revolut launches in-app eSIM service; includes 3GB data roaming for Ultra customers

Well now, leave it to the team at Revolut to actually do some innovating in financial services. The news broke this morning that Revolut...