Edward Snowden’s cache of information is unsettling, but necessary. Periodically, he’ll release a tidbit of info that either follows up on something that came before it, or is entirely new and equally shocking. Today, we get the latter of the two, as Snowden reveals how the NSA — in conjunction with the UK’s GCHQ — hacked Gemalto, a major SIM card manufacturer. According to Snowden, the NSA/GCHQ hack of Gemalto gave them secret passcodes to SIM cards around the world, bypassing your carrier altogether.
Stateside, all four major carriers are reportedly customers of Gemalto, so you’re likely at-risk.
According to the report, the encryption key — called a ‘Ki’ — is coded to your SIM card after the manufacturing process is completed. A copy of that key is given to your carrier, which is how they know your SIM is meant for their network. The Ki provides authentication, and identifies you on your carrier’s network.
Rather than go through carriers to gain access to your communications, government agencies would simply need to identify your Ki. According to the report, the GCHQ and NSA were keeping track of people via the Ki codes, which meant they didn’t need the permission of your carrier at all.
That also means a warrant for wiretap was unnecessary, and a Ki allows agencies to decrypt communications they’d intercepted via other means.
Basically, these agencies created a dragnet to grab information, then used stolen Ki codes to decrypt your info.
Paul Beverly, a Gemalto executive vice president, said “I’m disturbed, quite concerned that this has happened. The most important thing for me is to understand exactly how this was done, so we can take every measure to ensure that it doesn’t happen again, and also to make sure that there’s no impact on the telecom operators that we have served in a very trusted manner for many years. What I want to understand is what sort of ramifications it has, or could have, on any of our customers.”
Source: The Intercept