Some of the world’s biggest telecommunications companies, including Australia’s major telcos, may be forced to recall millions of SIMs following claims that British and US spying agencies stole encryption keys vital to securing the cards.
According to a Fairfax Media report, Telstra, Optus and Vodafone have confirmed that SIM cards made by Dutch firm Gemalto – the world’s largest manufacturer of SIMs, producing over 2 billion a year – formed a large part of their range.
Last week, The Intercept published an article based on documents supplied by whistleblower Edward Snowden, claiming Britain’s GCHQ, with assistance from the NSA, hacked into Gemalto’s internal computer network. According to The Intercept, the two agencies conspired to steal the SIM encryption keys, enabling the agencies relatively easy access to the data, text and phone calls of millions of users around the world.
“I’m disturbed, quite concerned that this has happened,” Paul Beverly, a Gemalto executive vice president, told The Intercept when asked about the revelations. Following the article’s publication, Gemalto released a statement saying it took the claims “very seriously” and would be devoting “all resources necessary” to investigate them.
According to the Fairfax report, the three Australian telcos are awaiting further advice from Gemalto before deciding how to respond to the hacking allegations.
“Telstra takes customers’ privacy and security very seriously,” a company spokesperson for Australia’s largest telco said.
“SIM card encryption is just one of multiple ways Telstra secures our network and the communications of our customers.”
Linus Information Security Solutions Director Mike Thompson told Fairfax that with the encryption keys the NSA and GCHQ would be able to “bypass wiretapping restrictions”. According to Thompson, the agencies would have “the potential to be really insidious in terms of its pervasiveness”.
While suggesting that the NSA’s and GCHQ’s activities would most likely be targeted towards specific individuals under investigation as opposed to a mass surveillance programme, he described the alleged hack as like “using the sledgehammer to crack the nut”.
The only way for telcos to ensure customers’ devices were not compromised by such a hack would be to disable and replace the SIM cards, Thompson told Fairfax.