By Stephen McBride Published February 24, 2015
NSA whistleblower Edward Snowden has characterised the alleged NSA-GCHQ campaign to compromise Gemalto SIM cards as "more significant" than a related state-sponsored campaign to embed spyware in the firmware of hard-disk drives, and suggested that an entire recall of Gemalto SIMs may be necessary to purge spy agencies' monitoring tools from mobile handsets.
Responding to a question about the hard drive campaign during an AMA session on Reddit, Snowden said "firmware exploitation is nasty", but expressed deeper concern over the operation to steal encryption keys for Gemalto SIM cards, which would allow open monitoring of all data sent over mobile networks from those SIMs.
Earlier this month, Moscow-based cyber-security company Kaspersky Lab, said it had found monitoring malware in the hard drive firmware of PCs in 30 countries; target organisations included government departments, military branches, telecoms companies, banks, energy companies, nuclear researchers, media groups, and Islamic activists.
full article
Userlevel 7
+52
Gemalto presents findings into the alleged hacking of SIM card encryption keys
As a digital security company, people try to hack Gemalto on a regular basis. These intrusion attempts are more or less sophisticated and we are used to dealing with them. Most are not successful while only a few penetrate the outer level of our highly secure network architecture. If we look back at the period covered by the documents from the NSA and GCHQ, we can confirm that we experienced many attacks. In particular, in 2010 and 2011, we detected two particularly sophisticated intrusions which could be related to the operation.
Full Article
As a digital security company, people try to hack Gemalto on a regular basis. These intrusion attempts are more or less sophisticated and we are used to dealing with them. Most are not successful while only a few penetrate the outer level of our highly secure network architecture. If we look back at the period covered by the documents from the NSA and GCHQ, we can confirm that we experienced many attacks. In particular, in 2010 and 2011, we detected two particularly sophisticated intrusions which could be related to the operation.
Full Article
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.