Science and Tech


SIM Maker Gemalto Says No Evidence Of Mass Encryption Theft

Gemalto says it suspects intelligence agencies did try to get into its networks but never stole SIM encryptions as suggested in earlier reports.
Posted at 4:56 PM, Feb 25, 2015

SIM card manufacturer Gemalto has had a busy week.

Just days after news broke of state intelligence agencies allegedly stealing millions of its SIM card encryption keys, Gemalto says an internal audit has found no such evidence.

Gemalto said it suspects the National Security Agency and its British counterpart, the Government Communications Headquarters, hacked its systems as far back as 2010 but only "breached its office networks." The company says there was no large-scale theft of SIM encryption keys.

The company is one of the world's largest producers of SIM cards. Each year it sends 2 billion chips to telecom providers all over the world, including the big stateside carriers.

The little cards can store data, like messages or apps. They're used for mobile payments in some areas and, critically, each one carries an encryption key known as a "Ki," which is physically burned into the structure of the chip and used for communicating with telecom networks.

A report in The Intercept cited documents from Edward Snowden's archive of leaks. It alleged the NSA and GCHQ had extracted millions of these Kis back in 2010.

But Gemalto says by then, it "had already widely deployed a secure transfer system with its customers and only rare exceptions to this scheme could have led to theft."

"In other words," writes a skeptical GigaOM, "Gemalto does it right (most of the time) while other suppliers may not have been so cautious."

Journalists, security experts and Twitter watchers alike aren't convinced it's quite that open-and-shut. For one thing, six days is a fast audit, especially when the NSA is a suspect.

As one security researcher asked Forbes: "Do they seriously believe they can conduct an investigation uncovering the truth in less than a week? This is a rush job to placate shareholders. Hopefully, they will keep investigating."

But Gemalto says it doesn't plan to issue further updates on the matter "unless a significant development occurs.​"

This video includes images from Getty Images.