GCHQ & NSA hacked SIM manufacturer to get keys to decrypt calls

Everything Goes

19-02-2015

GCHQ & NSA hacked the worlds largest SIM manufacturer Gemalto to get keys to decrypt calls according to Edward Snowden.

Quote:
“The target for the team was the unique Ki encryption keys baked into each of Gemalto's SIM cards. These 128-bit values are hidden away inside the SIM electronics, and are supposed to be kept secret. Every SIM has one, regardless of its manufacturer.

Mobile networks keep a copy of a SIM's Ki key before the card is given to a subscriber. This is so that the carrier can identify and authenticate the device containing the SIM when it joins a network.”

http://www.theregister.co.uk/2015/02...ys_to_kingdom/

ScPD

20-02-2015

I can't say I'm pleased at their underhand tactics.. People should be held to account...

Having said that... I've nothing to hide, so I'm not fussed...

Everything Goes

20-02-2015

Originally Posted by ScPD:
“I can't say I'm pleased at their underhand tactics.. People should be held to account...

Having said that... I've nothing to hide, so I'm not fussed...”

The main problem is giving people in power the tools of tyranny. While you may be happy with the present government it can only takes one power crazy loon for things to turn nasty. Germany was once a peaceful nation and look what happened.

Quote:
“First they came for the Socialists, and I did not speak out—
Because I was not a Socialist.

Then they came for the Trade Unionists, and I did not speak out—
Because I was not a Trade Unionist.

Then they came for the Jews, and I did not speak out—
Because I was not a Jew.

Then they came for me—and there was no one left to speak for me.”

Martin Niemöller

ScPD

20-02-2015

You're preaching to the converted..

I said already they should be held to account

maxwellaj_8191

20-02-2015

hi
your problem is so important as a security purpose.so it is very necessary to keep keep our data from unauthorized user , so there are many techniques are available at current time.The GPS tracker are also provide a facility by which we secure our data because it is inform us by sms alert.

The Lord Lucan

20-02-2015

Security services doing security service things...

I'd be more worried about spoof cell sites & retail mobile tracking tbh.

psionic

20-02-2015

People that say variations of the 'if you've got nothing to hide you've got nothing to fear' mantra, perhaps should consider that If the supposed good guys have access to your mobile communications, it's not entirely inconceivable that the bad guys (whoever they may be at the time) have access too. Or at the very least could get or force someone to get access for them.

Plus there's always the danger of 'mission creep' where at some point in the future the data can be misused by the powers that be for originally unintended reasons.

Everything Goes

20-02-2015

One of the advantages for the spies is that this would allow them to eavesdrop on phone calls and texts without seeking permission from mobile network operators or foreign governments, not that they would bother with such trivial matters as permissions anyway. Plus they can do it without leaving a trace. Just like the old days when analogue mobile phone calls were easy to listen to with a scanner.

http://www.bbc.co.uk/news/technology-31545050

Rodney McKay

20-02-2015

Originally Posted by ScPD:
“I can't say I'm pleased at their underhand tactics.. People should be held to account...

Having said that... I've nothing to hide, so I'm not fussed...”

Sure, you have nothing to hide. Care to post your bank account details here then? Or your medical records? Or who you vote for?

Why not let the state put cameras in all our homes? Nothing to hide, nothing to fear.

Funny that the state thinks that is has a right to secrecy that it thinks we do not.

The Tories are vile slime.

ScPD

20-02-2015

Originally Posted by Rodney McKay:
“Sure, you have nothing to hide. Care to post your bank account details here then? Or your medical records? Or who you vote for?

Why not let the state put cameras in all our homes? Nothing to hide, nothing to fear.

Funny that the state thinks that is has a right to secrecy that it thinks we do not.

The Tories are vile slime.”

If the security services want my details then I'm happy to give them, all they have to do is ask, provide a good reason & I'll comply..

Might save them a few minutes, days or hours looking at me & actually look at someone worthwhile

As I've said at least twice.. The tactics they have used to get our details need to be looked into / prosecuted ...

Orbitalzone

20-02-2015

Originally Posted by psionic:
“People that say variations of the 'if you've got nothing to hide you've got nothing to fear' mantra, perhaps should consider that If the supposed good guys have access to your mobile communications, it's not entirely inconceivable that the bad guys (whoever they may be at the time) have access too. Or at the very least could get or force someone to get access for them.

Plus there's always the danger of 'mission creep' where at some point in the future the data can be misused by the powers that be for originally unintended reasons.”

Agreed, I've got nothing to hide but I still don't like the idea of big brother 'protecting us' by stealth and spying on us in every conceivable way. I'm sure they'll prove it's for the good by showing that it has stopped terrorism acts but where do you draw the line? and I think that line was crossed a long time ago.

So does this mean that GCHQ weren't able to easily access mobile phones by hacking techniques? and stealing the keys was much simpler than breaking the encryption (that I thought they could already break!)

moox

20-02-2015

Originally Posted by Orbitalzone:
“ (that I thought they could already break!)”

I understand GSM is pretty much blown open (especially if the network operator chooses to use insecure ciphers) but UMTS/LTE aren't

Thine Wonk

20-02-2015

I think the sooner we legislate and have encryption keys stored in escrow by a secure 3rd party and only to be obtained with proper process the better.

Everything Goes

24-02-2015

A report suggests The NSA and GCHQ stealing keys may have been part of a larger plan to install Spyware on the Sim and remain undetected.

http://www.theverge.com/2015/2/24/81...ant-spyware-on

Everything Goes

25-02-2015

Gemalto have confirmed that the NSA and GCHQ had likely carried out attacks between 2010 and 2011 but deny they were large scale in their nature. I guess they were previously aware of these activities but have taken 5 years to make them public. You also have to wonder about the stuff they either don't know about or haven't made public yet.

Quote:
“SIM chip maker Gemalto has confirmed that US and UK intelligence services likely attacked it, but said it "could not have resulted in a massive theft of SIM encryption keys." Its comments stemmed from a recent Edward Snowden leak, which revealed a coordinated attack on Gemalto by the NSA and British GCHQ. Following an internal investigation, the previously low-profile company said that a "sophisticated" intrustion by the intelligence agencies did occur in 2010-11 for the purpose of intercepting encyption keys sent to carriers. It said that the attacks consisted of email "phishing" and spying on office networks, and added that several attempts were made to access the PCs of individual Gemalto employees.”

http://www.engadget.com/2015/02/25/g...-gchq-attacks/