UK and US spy agencies have been accused of hacking into the network of the world’s largest Sim card manufacturer to steal encryption codes used to protect mobile communications.
The Intercept reports that documents provided by Edward Snowden reveal that the US National Security Agency (NSA) and GCHQ hacked into Netherlands-based firm Gemalto, which produces around two billion Sim cards a year for firms such as AT&T, Verizon and T-Mobile.
A slide published by The Intercept shows someone from GCHQ boasting of having access to "their entire network".
The work was allegedly carried out by a group at GCHQ called the Mobile Handset Exploitation Team, the existence of which has never been made public until now.
The claim is that the spy agencies were able to access the network and take encryption keys generated for the Sim cards. They were then able to monitor communications without having to gain wiretap approval or break the encryption codes.
Gemalto issued a statement acknowledging the report and saying that the company is doing all it can to verify the findings.
"A publication reported that, in 2010 and 2011, a joint unit composed of operatives from the British GCHQ and the NSA hacked Sim card encryption keys engraved in Gemalto and possibly other Sim vendors' cards," it said.
"We take this publication very seriously and will devote all resources necessary to fully investigate and understand the scope of such sophisticated techniques.
“We cannot at this early stage verify the findings of the publication, and had no prior knowledge that these agencies were conducting this operation.”
The allegations are just the latest in a string of revelations relating to the surveillance and monitoring activities of the US and UK spy agencies ever since Edward Snowden leaked documents on the PRISM campaign in 2013.
Since then the intelligence agencies have come under intense scrutiny, even facing legal challenges over whether their actions broke human rights laws.
A recent ruling was made against GCHQ, which claimed that work it had carried out was in contravention of the Human Rights Act.
British Airways blames 'global systems outage' for IT meltdown
Mark Zuckerberg mercilessly trolled by Harvard student newspaper after return to university he dropped out of 12 years ago
'Unauthorised user' blamed by Harvard for insulting Mark Zoinkerberg
Android under attack from 'Judy', Google Play Store malware that has infected up to 36.5 million users
Yet more Android malware discovered on the Google Play Store
Airport believes new system will be more reliable than GPS or Google Maps