{"id":7774,"date":"2015-02-27T10:30:46","date_gmt":"2015-02-27T15:30:46","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=7774"},"modified":"2020-02-26T11:00:21","modified_gmt":"2020-02-26T16:00:21","slug":"gemalto-sim-hack","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/gemalto-sim-hack\/7774\/","title":{"rendered":"Two Billion Owned SIM Cards is a Real-Life Nightmare"},"content":{"rendered":"<p>The latest in a long line of whistleblower Edward Snowden\u2019s National Security Agency revelations may be among the most shocking: The NSA and its British counterpart, GCHQ, <a href=\"https:\/\/threatpost.com\/gemalto-hack-may-have-far-reaching-effects\/111186\" target=\"_blank\" rel=\"noopener nofollow\">allegedly compromised the networks of Gemalto<\/a>, and pilfered the encryption keys protecting untold millions, potentially billions, of SIM cards.<\/p>\n<p>A compromise of SIM cards on this scale would call into question the integrity of the entire global cellular communication system. This is not to say that your communications are being monitored, but they could be at the click of a button.<\/p>\n<p>If you are wondering who Gemalto is, they are a global manufacturer of mobile device SIM cards. In fact, they manufacturer more SIM cards than any other organization in the world, <a href=\"http:\/\/www.economist.com\/news\/business\/21633870-moves-reinvent-or-even-abolish-sim-card-could-have-big-consequences-endangered-sim\" target=\"_blank\" rel=\"noopener nofollow\">according to the Economist<\/a>.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">From Espresso: Cards on the table: the hacking of Gemalto <a href=\"http:\/\/t.co\/6fCR9a3I3o\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/6fCR9a3I3o<\/a> <a href=\"http:\/\/t.co\/E6rzg507ov\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/E6rzg507ov<\/a><\/p>\n<p>\u2014 The Economist (@TheEconomist) <a href=\"https:\/\/twitter.com\/TheEconomist\/status\/570552119255814144?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">February 25, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p><a href=\"http:\/\/https:\/\/firstlook.org\/theintercept\/2015\/02\/19\/great-sim-heist\/\" target=\"_blank\" rel=\"noopener nofollow\">The Intercept article<\/a> in which these allegations first appeared estimates that Gemalto produces some 2 billion SIM cards every year. To put that in context, there are 7.125 billion humans in the world; an estimated <a href=\"http:\/\/www.bizjournals.com\/prnewswire\/press_releases\/2014\/10\/06\/NY30877\" target=\"_blank\" rel=\"noopener nofollow\">7.19 billion mobile devices<\/a>. Gemalto\u2019s clients reportedly include mobile service providers Sprint, AT&amp;T, Verizon, T-Mobile and some 450 other outfits. The company does business in 85 countries and operates 40 manufacturing facilities.<\/p>\n<p>SIM is an acronym for subscriber identification module. A SIM card is a little integrated circuit that plugs into your mobile device. It contains the unique international mobile subscriber identity (IMSI) along with an encrypted authentication key. Together, this key and that number essentially validate that your phone is, in fact, your phone. It\u2019s like a login-password pair, but entirely hardware based and therefore cannot be changed.<\/p>\n<p>Having the master list of these keys would give an attacker the ability to monitor voice and data communications on any devices containing a SIM card whose encryption key is on the list. If these allegations are true, it means that the NSA and GCHQ have the capacity to monitor massive amounts of cellular and data communications around the world without a warrant or other judicial approval.<\/p>\n<blockquote class=\"twitter-pullquote\"><p>Allegations have emerged that the #NSA hacked @Gemlto, stealing crypto keys for millions of SIM cards<\/p><a href=\"https:\/\/twitter.com\/share?url=https%3A%2F%2Fkas.pr%2FWp2T&amp;text=Allegations+have+emerged+that+the+%23NSA+hacked+%40Gemlto%2C+stealing+crypto+keys+for+millions+of+SIM+cards\" class=\"btn btn-twhite\" data-lang=\"en\" data-count=\"0\" target=\"_blank\" rel=\"noopener nofollow\">Tweet<\/a><\/blockquote>\n<p>You hear the non-technical media talk a lot of about the NSAs metadata-related activities, but it is leaks like this one and revelations about compromised pseudorandom number generators that are really troubling. Metadata can tell you a lot about where a person has been, who they associate with and, in fact, who a person actually is. A massive attack on SIM cards or encryption protocols gives an attacker the ability to actually see \u2014 in plaintext \u2014 the contents of our correspondence with one another. While much can be inferred from location and device interaction information, there is no need to make inferences about plaintext communications. It\u2019s all right there \u2013 as it was said \u2013 in real time. There is no analysis necessary.<\/p>\n<p>In a secret document reportedly stolen by the former NSA contractor and made public by The Intercept, the NSA said: \u201c[we] successfully implanted several [Gemalto] machines and believe we have their entire network\u2026\u201d<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Information regarding a report mentioning a hacking of SIM card encryption keys <a href=\"http:\/\/t.co\/huYdcV09Hy\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/huYdcV09Hy<\/a><\/p>\n<p>\u2014 Thales Digital Identity &amp; Security (@ThalesDigiSec) <a href=\"https:\/\/twitter.com\/ThalesDigiSec\/status\/568699628146827264?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">February 20, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Privacy and cellular communications security aren\u2019t the only concern here. There are substantial financial implications as well. As American Civil Liberties Union staff technologist, Chris Soghoian, and Johns Hopkins cryptographer Matthew Green noted in The Intercept article, SIM cards weren\u2019t designed to protect individual communications. They were designed to streamline the billing process and prevent users from defrauding their mobile service providers in the early days of cellular use. In parts of the developing world some are largely reliant on the outdated and weak second generation cellular networks, many users rely on their SIM cards for money transfers and microfincancing services <a href=\"https:\/\/www.kaspersky.com\/blog\/twitter-digits-new-authentication\/\" target=\"_blank\" rel=\"noopener nofollow\">like the wildly popular M-Pesa<\/a>.<\/p>\n<div class=\"pullquote\">An attack on Gemalto potentially compromises the integrity of a global communication infrastructure increasingly reliant on mobile devices and the SIM cards living inside them.<\/div>\n<p>This isn\u2019t merely a financial problem for the developing world: Gemalto is a major manufacturer of the microchips in chip and PIN or EMV payment cards, the primary method of payment in Europe. Those cards could be potentially compromised as well. According to the Intercept, Gemalto\u2019s chips are also used as building entry tokens, electronic passports, identification cards, and as keys for certain luxury automobiles, like BMW and Audi, as well. If you have a chip and PIN card from Visa, Mastercard, American Express, JP Morgan Chase, or Barclays, then there is a decent chance that the chip in your payment card was developed by Gemalto and that its cryptographic key may be compromised.<\/p>\n<p>For its part, despite the allegations and purportedly secret documents, <a href=\"http:\/\/https:\/\/threatpost.com\/gemalto-sim-products-are-secure\/111218\" target=\"_blank\" rel=\"noopener nofollow\">Gemalto is steadfastly denying<\/a> that its secure networks were ever compromised.<\/p>\n<p>\u201cNo breaches were found in the infrastructure running our SIM activity or in other parts of the secure network which manage our other products such as banking cards, ID cards, or electronic passports. Each of these networks is isolated from one another and they are not connected to external networks,\u201d <a href=\"https:\/\/threatpost.com\/gemalto-officials-say-sim-infrastructure-not-compromised\/111261\" target=\"_blank\" rel=\"noopener nofollow\">the company said in a statement<\/a>.<\/p>\n<p>However, the company did acknowledge that there had been thwarted hacking attempts in the past for which it believed the NSA and GCHQ were responsible.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Gemalto presents the findings of its investigations into the alleged hacking of SIM card encryption keys <a href=\"http:\/\/t.co\/AV0TmzVUmZ\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/AV0TmzVUmZ<\/a><\/p>\n<p>\u2014 Thales Digital Identity &amp; Security (@ThalesDigiSec) <a href=\"https:\/\/twitter.com\/ThalesDigiSec\/status\/570483469568118784?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">February 25, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Another quietly troubling aspect of this and many of the Snowden revelations is that the document is dated 2010. In other words, this alleged SIM card scheme has not only been ongoing for five years, but the technique is also five years old, a lifetime in computer years.<\/p>\n<p>Beyond the personal, risk compromised SIM card keys pose to our collective and individual privacy, if the Snowden documents are true, then this attack is an international relations nightmare. Remember two months ago when the more hawkish among us hemmed and hawed about how <a href=\"https:\/\/www.kaspersky.com\/blog\/sony-hack-north-korea\/\" target=\"_blank\" rel=\"noopener nofollow\">North Korea\u2019s attack on Sony Pictures Entertainment<\/a> constituted an act of war? Well, that attack, which was as likely perpetrated by North Korea as it was by anyone else, targeted a movie studio and spilled some movie scripts and emails. An attack on Gemalto potentially compromises the integrity of a global communication infrastructure increasingly reliant on mobile devices and the SIM cards living inside them.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>New allegations against the NSA claim the group hacked into the network of the world\u2019s largest SIM card provider, stealing encryption keys to millions of devices.<\/p>\n","protected":false},"author":42,"featured_media":7777,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[901,314,189,261,988,82,961,584,423,574,741,187,43,914,97,987,694],"class_list":{"0":"post-7774","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"tag-breach","9":"tag-data-breach","10":"tag-data-security","11":"tag-encryption","12":"tag-gemalto","13":"tag-hacking","14":"tag-leaks","15":"tag-mobile","16":"tag-mobile-devices","17":"tag-news-2","18":"tag-nsa","19":"tag-passwords","20":"tag-privacy","21":"tag-private-data","22":"tag-security-2","23":"tag-sim-cards","24":"tag-snowden"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/gemalto-sim-hack\/7774\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/gemalto-sim-hack\/5183\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/gemalto-sim-hack\/5488\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/gemalto-sim-hack\/7149\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/gemalto-sim-hack\/6973\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/gemalto-sim-hack\/7149\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/gemalto-sim-hack\/7774\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/gemalto-sim-hack\/7774\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/breach\/","name":"breach"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/7774","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/42"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=7774"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/7774\/revisions"}],"predecessor-version":[{"id":33471,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/7774\/revisions\/33471"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/7777"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=7774"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=7774"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=7774"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}