GCHQ & NSA hacked SIM manufacturer to get keys to decrypt calls

Everything GoesEverything Goes Posts: 12,972
Forum Member
✭✭
GCHQ & NSA hacked the worlds largest SIM manufacturer Gemalto to get keys to decrypt calls according to Edward Snowden.
The target for the team was the unique Ki encryption keys baked into each of Gemalto's SIM cards. These 128-bit values are hidden away inside the SIM electronics, and are supposed to be kept secret. Every SIM has one, regardless of its manufacturer.

Mobile networks keep a copy of a SIM's Ki key before the card is given to a subscriber. This is so that the carrier can identify and authenticate the device containing the SIM when it joins a network.

http://www.theregister.co.uk/2015/02/19/nsa_and_gchq_hacked_worlds_largest_sim_card_company_to_steal_keys_to_kingdom/

Comments

  • ScPDScPD Posts: 319
    Forum Member
    I can't say I'm pleased at their underhand tactics.. People should be held to account...

    Having said that... I've nothing to hide, so I'm not fussed...
  • Everything GoesEverything Goes Posts: 12,972
    Forum Member
    ✭✭
    ScPD wrote: »
    I can't say I'm pleased at their underhand tactics.. People should be held to account...

    Having said that... I've nothing to hide, so I'm not fussed...

    The main problem is giving people in power the tools of tyranny. While you may be happy with the present government it can only takes one power crazy loon for things to turn nasty. Germany was once a peaceful nation and look what happened.
    First they came for the Socialists, and I did not speak out—
    Because I was not a Socialist.

    Then they came for the Trade Unionists, and I did not speak out—
    Because I was not a Trade Unionist.

    Then they came for the Jews, and I did not speak out—
    Because I was not a Jew.

    Then they came for me—and there was no one left to speak for me.

    Martin Niemöller
  • ScPDScPD Posts: 319
    Forum Member
    You're preaching to the converted..

    I said already they should be held to account
  • [Deleted User][Deleted User] Posts: 1
    Forum Member
    hi
    your problem is so important as a security purpose.so it is very necessary to keep keep our data from unauthorized user , so there are many techniques are available at current time.The GPS tracker are also provide a facility by which we secure our data because it is inform us by sms alert.
  • The Lord LucanThe Lord Lucan Posts: 5,054
    Forum Member
    Security services doing security service things...

    I'd be more worried about spoof cell sites & retail mobile tracking tbh.
  • psionicpsionic Posts: 20,188
    Forum Member
    ✭✭✭
    People that say variations of the 'if you've got nothing to hide you've got nothing to fear' mantra, perhaps should consider that If the supposed good guys have access to your mobile communications, it's not entirely inconceivable that the bad guys (whoever they may be at the time) have access too. Or at the very least could get or force someone to get access for them.

    Plus there's always the danger of 'mission creep' where at some point in the future the data can be misused by the powers that be for originally unintended reasons.
  • Everything GoesEverything Goes Posts: 12,972
    Forum Member
    ✭✭
    One of the advantages for the spies is that this would allow them to eavesdrop on phone calls and texts without seeking permission from mobile network operators or foreign governments, not that they would bother with such trivial matters as permissions anyway. Plus they can do it without leaving a trace. Just like the old days when analogue mobile phone calls were easy to listen to with a scanner.

    http://www.bbc.co.uk/news/technology-31545050
  • Rodney McKayRodney McKay Posts: 8,143
    Forum Member
    ScPD wrote: »
    I can't say I'm pleased at their underhand tactics.. People should be held to account...

    Having said that... I've nothing to hide, so I'm not fussed...

    Sure, you have nothing to hide. Care to post your bank account details here then? Or your medical records? Or who you vote for?

    Why not let the state put cameras in all our homes? Nothing to hide, nothing to fear.

    Funny that the state thinks that is has a right to secrecy that it thinks we do not.

    The Tories are vile slime.
  • ScPDScPD Posts: 319
    Forum Member
    Sure, you have nothing to hide. Care to post your bank account details here then? Or your medical records? Or who you vote for?

    Why not let the state put cameras in all our homes? Nothing to hide, nothing to fear.

    Funny that the state thinks that is has a right to secrecy that it thinks we do not.

    The Tories are vile slime.

    If the security services want my details then I'm happy to give them, all they have to do is ask, provide a good reason & I'll comply..

    Might save them a few minutes, days or hours looking at me & actually look at someone worthwhile

    As I've said at least twice.. The tactics they have used to get our details need to be looked into / prosecuted ...
  • OrbitalzoneOrbitalzone Posts: 12,627
    Forum Member
    ✭✭
    psionic wrote: »
    People that say variations of the 'if you've got nothing to hide you've got nothing to fear' mantra, perhaps should consider that If the supposed good guys have access to your mobile communications, it's not entirely inconceivable that the bad guys (whoever they may be at the time) have access too. Or at the very least could get or force someone to get access for them.

    Plus there's always the danger of 'mission creep' where at some point in the future the data can be misused by the powers that be for originally unintended reasons.

    Agreed, I've got nothing to hide but I still don't like the idea of big brother 'protecting us' by stealth and spying on us in every conceivable way. I'm sure they'll prove it's for the good by showing that it has stopped terrorism acts but where do you draw the line? and I think that line was crossed a long time ago.

    So does this mean that GCHQ weren't able to easily access mobile phones by hacking techniques? and stealing the keys was much simpler than breaking the encryption (that I thought they could already break!)
  • mooxmoox Posts: 18,880
    Forum Member
    ✭✭
    (that I thought they could already break!)

    I understand GSM is pretty much blown open (especially if the network operator chooses to use insecure ciphers) but UMTS/LTE aren't
  • Thine WonkThine Wonk Posts: 17,190
    Forum Member
    ✭✭
    I think the sooner we legislate and have encryption keys stored in escrow by a secure 3rd party and only to be obtained with proper process the better.
  • Everything GoesEverything Goes Posts: 12,972
    Forum Member
    ✭✭
    A report suggests The NSA and GCHQ stealing keys may have been part of a larger plan to install Spyware on the Sim and remain undetected.

    http://www.theverge.com/2015/2/24/8101585/the-nsas-sim-heist-could-have-given-it-the-power-to-plant-spyware-on
  • Everything GoesEverything Goes Posts: 12,972
    Forum Member
    ✭✭
    Gemalto have confirmed that the NSA and GCHQ had likely carried out attacks between 2010 and 2011 but deny they were large scale in their nature. I guess they were previously aware of these activities but have taken 5 years to make them public. You also have to wonder about the stuff they either don't know about or haven't made public yet.
    SIM chip maker Gemalto has confirmed that US and UK intelligence services likely attacked it, but said it "could not have resulted in a massive theft of SIM encryption keys." Its comments stemmed from a recent Edward Snowden leak, which revealed a coordinated attack on Gemalto by the NSA and British GCHQ. Following an internal investigation, the previously low-profile company said that a "sophisticated" intrustion by the intelligence agencies did occur in 2010-11 for the purpose of intercepting encyption keys sent to carriers. It said that the attacks consisted of email "phishing" and spying on office networks, and added that several attempts were made to access the PCs of individual Gemalto employees.


    http://www.engadget.com/2015/02/25/gemalto-nsa-gchq-attacks/
Sign In or Register to comment.