SIM Card Makers Scrambling To Respond to Smart Card Hack Report
SIM card vendor Giesecke & Devrient (G&D) jumped Tuesday to address a widely circulated article from The Intercept last week reporting that in 2010 and 2011, American and British spies “hacked into the internal computer network of the largest manufacturer…
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
of SIM cards in the world” -- G&D competitor Gemalto -- “stealing encryption keys used to protect the privacy of cellphone communications across the globe.” That hack, which the report said was not limited to Gemalto (see 1502200039), “gave the surveillance agencies the potential to secretly monitor a large portion of the world’s cellular communications, including both voice and data.” Gemalto issued a statement Monday saying it was studying the matter and would reveal the results of its investigation in a news conference Wednesday. In its news release Tuesday, G&D, which supplies SIM cards to more than 350 mobile network operators worldwide, said it has played an “important role” in the development of SIM card security standards for two decades. “The SIM card is so secure that in the case revealed recently, even intelligence services preferred to steal the key rather than attack the SIM card,” G&D said. The secure authentication of the mobile phone user on the mobile network is the main function of the SIM card, it said, saying G&D employs “the highest security procedures and processes.” The company “is taking the targeted attacks by intelligence services which were reported in the last few days very seriously, however,” it said. “Until now G&D has no knowledge that SIM card keys were stolen,” Stefan Auerbach, G&D’s head-mobile security business unit, said. “Immediately after the attacks were brought to light we did, however, introduce additional measures to review the established security processes together with our customers.”