Gemalto, the Netherlands-based firm that is also the world’s largest manufacturer of SIM cards, is currently investigating whether or not its encryption keys have been lifted by US and UK spies.
If the keys have been stolen, anyone in possession of them would have the ability to secretly snoop on cell phone communications.
Currently the firm says said it has no evidence that its encryption keys have been stolen by the NSA or GCHQ, though it did note that it has “detected, logged and mitigated” many types of attacks over the years. Gemalto’s statement contradicts data gleaned from documents leaked by whistleblower Edward Snowden, which indicates that the Dutch firm has been a target for intelligence agencies looking to get information from people’s mobile phones without a warrant or a wiretap. That information was fist published in The Intercept.
“We take this publication very seriously and will devote all resources necessary to fully investigate and understand the scope of such highly sophisticated techniques to try to obtain SIM card data,” a Gemalto spokeswoman said. “There have been many reported state sponsored attacks as of late, that all have gained attention both in the media and among businesses, this truly emphasises how serious cyber security is in this day and age.”
The incident has also prompted concern from some international law makers. Dutch Member of the European Parliament Sophie in ’t Veld called on the European Commission to investigate the allegations.
This report of a possibly state-sponsored Gemalto hack comes on the heels of a Kaspersky Lab report that indicates that Toshiba, Western Digital, Seagate and IBM all saw their hard drive security compromised by a state sponsored attack. The report further concludes the U.S. to be the likely sponsor.