SIM card vendor Gemalto has launched a full investigation into claims its encryption keys were hacked by US and UK security agencies.
The report, based on documents released by US whistleblower Edward Snowden, claimed the UK-based GCHQ and the US National Security Agency were able to decode calls, texts and emails thanks to the encrypted keys.
The hack reportedly took place in 2010. Gemalto provides services to around 450 operators across 85 countries and produces roughly two billion SIM cards per year. The report is damaging to SIM companies, which have seen the safety and security of their products as a key selling point.
In a statement, a Gemalto spokesperson said: “The publication indicates the target was not Gemalto per se – it was an attempt to try and cast the widest net possible to reach as many mobile phones as possible, with the aim to monitor mobile communications without mobile network operators and users consent. We cannot at this early stage verify the findings of the publication and had no prior knowledge that these agencies were conducting this operation.”
The vendor said it had no evidence that attempts to hack its systems in recent years were linked to the claims in the Intercept report.
The spokesperson added: “We take this publication very seriously and will devote all resources necessary to fully investigate and understand the scope of such sophisticated techniques.
“There have been many reported state sponsored attacks as of late, that all have gained attention both in the media and amongst businesses, this truly emphasises how serious cyber security is in this day and age.”
Read more:
SIMAlliance launches guide to NFC, lauds SIM
5.2 billion SIMs shipped in 2014, as LTE, M2M and NFC gain traction