SIM card data leak prompts concerns about phone security

Gemalto, the largest manufacturer of SIM cards in the world, was recently hacked by American and British spies. Gemalto provides SIM cards, which allow devices to connect to cellular networks, to more than 450 wireless network providers. They produce more than 2 million SIM cards a year under the motto “security to be free.”

A joint effort by the National Security Agency and its British counterpart, Government Communications Headquarters, recovered encryption keys for every SIM card provided by Gemalto all over the world. These keys help bypass the requirement to receive a warrant or any approval from companies or government, as intelligence agencies can now intercept and decode all communications, whether voice or text data.

Gemalto had no knowledge of the penetration into its system and is currently in the process of investigating how the hack happened and ensuring that it does not happen again.

In April 2010, the Mobile Handset Exploitation Team (MHET), which until now had never been disclosed, was formed. Its main goal when formed was to penetrate the computer networks of corporations that manufacture SIM cards and of the wireless network providers. MHET includes members of both the NSA and GCHQ.

The hack happened when GCHQ spies planted malware in the computer systems of Gemalto. U.S. and British intelligence operated with great stealth to pull off this encryption key heist. No alerts to any wireless network providers, foreign governments or individual users were seen.

“As an average user, I feel this could help governments come across information that could cause a serious problem,” said sophomore Miranda Martin. “I have nothing to hide but at the same time I do feel this is somewhat wrong that Gemalto was just hacked and their software was just taken from them.”

There is currently a gaping hole in the protection offered by cellphone and network providers, as they do not support Perfect Forward Secrecy (PFS), which is designed to limit the damage caused by theft of encryption keys. PFS is, however, used by Internet and social media sites like Google and Twitter. PFS helps prevent hacking by discarding encryption keys after a few minutes and generating new ones.

“The only effective way for individuals to protect themselves from Ki (key) theft-enabled surveillance is to use secure communications software, rather than relying on SIM card-based security,” said Jeremy Scahill and Josh Begley in an article for The Intercept.

This hacking is a basic effort to get one step ahead in the current fight against terrorism. With the current movements of the Islamic State of Iraq and the Levant and Al-Qaeda, this will ultimately help both foreign governments and the United States get ahead by being able to monitor cellular data more progressively.

“I do not feel this will cause any harm whatsoever to Gemalto or its customers. The whole point of this, it seems, is to help keep people safe,” said Assistant Professor of Political Science and former CIA Analyst Robert Duncan. “I am all for the Patriot Act, and I understand the safety it ensures to me and our country. I have nothing to hide, I don’t associate with terrorists or those organizations so this does not seem to be a problem to me. These intelligence agencies are doing the right thing to help protect us.”

For those who are worried about their personal privacy being invaded, there are applications for your cellular device that can help provide you with a more secure network. Applications like TextSecure and Silent Text are secure ways to send your SMS messages.