Has your phone been spied on? A new report claims that British and US spies used the world’s largest SIM manufacturer to potentially monitor a huge number of people through their phones.
With some 450 networks using the SIM cards made by Gemalto, the NSA and GCHQ may have gained access to a phenomenal number of people’s communications data, both voice and data.
Gemalto has now come out and said that it is investigating The Intercept’sreport, which claimed that US and UK agencies used the technology to survey a large number of mobile phone communications without permission.
The Intercept says that “the great Sim heist” gave US and British surveillance agencies “the potential to secretly monitor a large portion of the world’s cellular communications, including both voice and data”.
It says that among the clients of the Netherlands-based company are AT&T, T-Mobile, Verizon, Sprint and “some 450 wireless network providers around the world”.
The Intercept claims that the hack organised by Britain’s GCHQ and America’s National Security Agency took place in 2010. Neither agency has commented on the allegations.
The stolen encryption allowed the agencies to decode data that passes between mobile phones and cell towers. They were able to un-garble calls, texts or emails intercepted out of the air.
A Gemalto spokeswoman said that while the company was not targeted “per se”, there was “an attempt to try and cast the widest net possible to reach as many mobile phones as possible”.
“We take this publication very seriously and will devote all resources necessary to fully investigate and understand the scope of such highly sophisticated techniques to try to obtain Sim card data,” she added.
Gemalto said it had been totally oblivious to the penetration of its systems and was “disturbed” by what had happened.
Paul Beverly, executive vice president at Gemalto, told The Intercept: “The most important thing for me is to understand exactly how this was done, so we can take every measure to ensure that it doesn’t happen again.”
Correspondents say that the revelations are highly embarrassing for the agencies, because they give the impression that they will do whatever is required to improve their surveillance powers, even if that means stealing data from law-abiding Western firms.
Gemalto makes Sim cards for mobile phones and furnishes service providers with encryption codes to keep the data on each phone private.
The Intercept claims that by first cyber-stalking employees at Gemalto and then penetrating their emails, the spy agencies were able to steal thousands of encryption keys at source.
The BBC’s Naomi Grimley in Washington says that this would allow them to eavesdrop easily on phone calls and texts without seeking permission from telecoms companies or foreign governments, and without leaving a trace.
The Intercept cites as its source documents leaked by Edward Snowden, the former NSA contractor who is currently living in Russia.