Worldwide phone SIM card hack

Online publication The Intercept has revealed that US and British spy agencies hacked the systems of Dutch SIM card company Gemalto in 2010/11 and stole encryption keys, gaining access to the personal information contained on any phone connected via a Gemalto-made SIM card. Gemalto manufactures SIM cards for 450 telecommunication companies worldwide including Telstra, Optus and Vodafone.

A stolen encryption key can be used to gain access to information, such as the text message and phone call history, on any phone associated with a specific SIM card. Most importantly for the spy agencies, it allows them to listen into any phone calls being made from the hacked phone.

Yesterday, Mike Thompson from Linus Information Security Solutions told Fairfax that the alleged hacking of the Gemalto SIM card encryption keys would allow the security agencies to bypass wiretapping restrictions. Mr Thompson also suggested that the alleged actions were likely to be targeted towards specific individuals, rather than a wide-spread data breach.

Mr Thompson said that the replacement of every compromised SIM card would place a massive financial burden on telecommunication companies and that they would be “extremely reluctant” to do so.

SIM card company Gemalto yesterday said that initial investigation indicate that its SIM cards and other products are ‘secure’.

Read more from www.theage.com.au
Read more from www.firstlook.org
Read more from www.theverge.com
Read more from www.cnet.com

Opinion: Are your phone habits secure?

While I and many other Australians might have assumed that our smartphones are built with the latest security protocols in place, the reality of the matter is that they are still using obsolete security technology.

The security built into the basic layer of each smartphone comes from the encryption code used in each SIM card. As reported above, if someone gains access to the encryption key, sensitive information can be unlocked and accessed without the knowledge of the phone owner. Future smartphones are expected to be fitted with better security,  such as that used by modern web browsers, which use Perfect Forward Security (PFS), a security software that generates unique encryption keys for each individual message, with those encryption keys then discarded soon after.

The only way to effectively secure your phone is to use secure communications software, rather than relying on your SIM card security to protect you. The email clients included in both Android and iPhone smartphones have an added layer of security called Transport Layer Security (TLS), which protects your emails from anyone who has access to your phone via SIM card hacking. Apps such as Silent Text or TextSecure allow you to send SMS messages securely from your phone while RedPhone, Silent Phone and Signal allow encrypted voice calls to be made.

What do you think? Should Australian telecommunication companies replace every SIM card manufactured by Gemalto? Are you worried about the potential breach of security on your phone? Or is it simply the people with something to hide who should be worried? 

Written by Drew

Starting out as a week of work experience in 2005 while studying his Bachelor of Business at Swinburne University, Drew has never left his post and has been with the company ever since, working on the websites digital needs. Drew has a passion for all things technology which is only rivalled for his love of all things sport (watching, not playing).
Contact:
LinkedIn
Email



SPONSORED LINKS

LOADING MORE ARTICLE...