Sim card manufacturer Gemalto has claimed that hacks into its network did not result in the theft of any encryption keys, despite leaked documents suggesting that US and UK spy agencies had taken such data.
The claims came to light last week as a result of information leaked by Edward Snowden. The documents said that GCHQ and the US National Security Agency (NSA) had breached Gemalto’s network and stolen encryption data used in Sim cards.
However, Gemalto has now issued its findings into the claim and said that, although there is evidence that the spy agencies may have accessed its internal office network, no Sim card encryption data was gathered.
“The attacks against Gemalto only breached its office networks and could not have resulted in a massive theft of Sim encryption keys,” the firm said.
Gemalto added that, even if encryption keys had been taken, the circumstances would have been rare, rather than on a widespread scale, and would have affected only 2G voice services, not 3G or 4G data services.
“The operation aimed to intercept the encryption keys as they were exchanged between mobile operators and their suppliers globally," the company said.
"By 2010, Gemalto had already widely deployed a secure transfer system with its customers and only rare exceptions to this scheme could have led to theft.
“In the case of an eventual key theft, the intelligence services would only be able to spy on communications on 2G mobile networks. 3G and 4G networks are not vulnerable to this type of attack.”
Gemalto also said that, having reassessed cyber attack incidents that occurred around the time the infiltration was said to have happened in 2010 and 2011, the firm has found evidence of attacks that could have been by the NSA and GCHQ.
“In June 2010, we noticed suspicious activity in one of our French sites where a third party was trying to spy on the office network. Action was immediately taken to counter the threat,” Gemalto said.
A second event, in July 2010, involved phishing emails being sent to staff containing an attachment that could download malicious code.
“At the time we were unable to identify the perpetrators but we now think that they could be related to the NSA and GCHQ operation,” the firm said.
Gemalto added that the company does all it can to ward off hackers, but is concerned by the notion that government agencies, with vast resources, could have carried out such attacks.
"We are conscious that the most eminent state agencies, especially when they work together, have resources and legal support that go far beyond that of typical hackers and criminal organisations," it said.
"And, we are concerned that they could be involved in such indiscriminate operations against private companies with no grounds for suspicion."
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago