US and UK 'hacked Sim card firm'

Written By Unknown on Jumat, 20 Februari 2015 | 19.21

20 February 2015 Last updated at 12:02

US and British intelligence agencies hacked into a major manufacturer of Sim cards in order to steal codes that facilitate eavesdropping on mobiles, a US news website says.

The Intercept says the revelations came from the former US intelligence contractor and whistleblower Edward Snowden.

The company allegedly targeted - Gemalto - says it is taking the allegations "very seriously".

It operates in 85 countries and has more than 40 manufacturing facilities.

The Intercept says that "the great Sim heist" gave US and British surveillance agencies "the potential to secretly monitor a large portion of the world's cellular communications, including both voice and data".

It says that among the clients of the Netherlands-based company are AT&T, T-Mobile, Verizon, Sprint and "some 450 wireless network providers around the world".

Highly embarrassing

The Intercept claims that the hack organised by Britain's GCHQ and America's National Security Agency took place in 2010. Neither agency has commented on the allegations.

The stolen encryption allowed the agencies to decode data that passes between mobile phones and cell towers. They were able to ungarble calls, texts or emails intercepted out of the air.

A Gemalto spokeswoman said that while the company was not targeted "per se", there was "an attempt to try and cast the widest net possible to reach as many mobile phones as possible".

"We take this publication very seriously and will devote all resources necessary to fully investigate and understand the scope of such highly sophisticated techniques to try to obtain Sim card data," she added.

Correspondents say that the revelations are highly embarrassing for the agencies, because they give the impression that they will do whatever is required to improve their surveillance powers, even if that means stealing data from law-abiding Western firms.

Gemalto makes Sim cards for mobile phones and furnishes service providers with encryption codes to keep the data on each phone private.

The Intercept claims that by first cyber-stalking employees at Gemalto and then penetrating their emails, the spy agencies were able to steal thousands of encryption keys at source.

The BBC's Naomi Grimley in Washington says that this would allow them to eavesdrop easily on phone calls and texts without seeking permission from telecoms companies or foreign governments, and without leaving a trace.

The Intercept cites as its source documents leaked by Edward Snowden, the former NSA contractor who is currently living in Russia.

Analysis: Joe Miller, BBC technology reporter

If The Intercept's report is to be believed, the most striking discovery is how easily those wanting to engage in mass surveillance can eavesdrop on our mobile communications.

The company allegedly targeted, Gemalto, which manufactures an estimated 30% of all Sim cards worldwide and, crucially, creates the security key for each item. All security agencies needed to do was obtain (by hacking, allegedly) the list of security keys from the firm. Then, as security expert Karsten Nohl says, they could snoop on phone calls with a "few hundred dollars worth of radio equipment in strategically important locations".

This contrasts with the security procedure used for example, for chips in passports. Many are are also manufactured by Gemalto. These are delivered to the relevant authorities as a blank chip, and the Passport Office - not the company - creates the security key.

Many of Edward Snowden's allegations have shone a light on complex surveillance tactics by the NSA, but perhaps this latest leak has done more to highlight how a single company is in control of millions of people's private data.


Anda sedang membaca artikel tentang

US and UK 'hacked Sim card firm'

Dengan url

http://beritaberbagiceria.blogspot.com/2015/02/us-and-uk-hacked-sim-card-firm.html

Anda boleh menyebar luaskannya atau mengcopy paste-nya

US and UK 'hacked Sim card firm'

namun jangan lupa untuk meletakkan link

US and UK 'hacked Sim card firm'

sebagai sumbernya

0 komentar:

Posting Komentar

techieblogger.com Techie Blogger Techie Blogger