NSA Gemalto Simcard Bug
As if there weren’t enough reasons to be terrified in the world already we’ve just had a new piece of information be discovered in the massive Edward Snowden leak and it is terrifying.
Have you ever heard of a company named Gemalto? No, you probably haven’t, few of us have; but I’m willing to bet that right now there is a piece of Gemalto technology sitting, probably within walking distance, if not arm’s distance away from you. You see, Gemalto is the company that makes the vast majority of the world’s SIM cards. Why does this matter? Well, because the leak in question happens to involve a James Bond-esque NSA operation and Gemalto . . . see where I’m going with this?
It seems that a join operation between the NSA and their British Equivalent the GCHQ managed to hack into Gemalto’s secure system and reportedly may have been able to steal the encryption codes for thousands of SIM cards. What does this mean? It means that basically, they can just zero in on your cellphone and access all voice, SMS, and contact data from you service providers networks. The scariest part is that you wouldn’t even know if it happened. Because the NSA managed to get the base encryption codes any time they decide to look in on you it will just seem like a valid, authenticated access of that data. All the chilling but fascinating details of the breach are outlined here at the intercept who originally reported the incident.
Gemalto has acknowledged that there was a breach in their system but are downplaying the severity of the hack. They are claiming that it was just their internal work network that was breached and that the SIM card information was never in danger. They further go on to point out that each service provider is given a unique encryption algorithm which would make it impossible to steal the “base” encryption key. They also mentioned that the hack happened in 2010 when 2g was the most prevalent network standard and how 2g networks were far less secure than the current 3 and 4G standards that are common today.
As usual the NSA shows no remorse for their tactics even defending their practices at a recent event in Washington, DC. This led to a tense showdown between Yahoo’s chief information-security officer Alex Stamos and the NSA’s Director Adm, Mike Rogers. The point of contention began when asked a loaded question of Mr. Rogers in an effort to rebuke the NSA’s claims that tech companies should provide for a “backdoor” for the NSA to tunnel for information. “It sounds like you agree with [Federal Bureau of Investigation Director James] Comey that we should be building defects into the encryption in our products so that the US government can decrypt,” he said. The NSA’s position on this is that it would be feasible to set up a legal framework to make this kind of arrangement work.
“Well, do you believe we should build backdoors for other countries?” he continued.
“My position is – hey, look, I think that we’re lying that this isn’t technically feasible,” Mr. Rogers answered. He’d go on to say, “You don’t want the FBI and you don’t want the NSA unilaterally deciding what is permissible.” This was again, all in reference to providing the NSA a legal framework to spy on your tech accounts.
This came just weeks after Apple CEO Tim Cook leveled similar criticism against him.
If you’re worried about your privacy, why not check out our top pick of VPNs.