According to new documents leaked by Edward Snowden, the NSA and its UK counterpart, Government Communications Headquarters (GCHQ), hacked into the computers of Gemalto, a company that manufactures SIM cards for a large number of carriers around the world. In doing so, the intelligence agencies acquired encryption keys that would allow them to intercept communications from customers of all four major U.S. carriers, along with 450 others around the world.
Snowden, who has been a blowing the whistle on secret NSA surveillance programs since 2013, leaked the documents to The Intercept, which broke the news earlier today:
With these stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments. Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider's network that the communications were intercepted. Bulk key theft additionally enables the intelligence agencies to unlock any previously encrypted communications they had already intercepted, but did not yet have the ability to decrypt.
It's difficult to assess the extent and effects of this breach right now, but it definitely represents a massive blow to mobile security, as The Intercept notes that Gemalto produces 2 billion SIM cards each year — making it highly likely that the SIM in your phone was produced by the company.
For much more on this, check out The Intercept's full report from the source link below.
Source: The Intercept; Via: The Verge
Read more
Gemalto denies massive theft of SIM card encryption keys
Update: A new report in The Intercept claims that Gemalto is drastically downplaying the effects of this attack. In the report, several security researchers came to the conclusion that "the company made sweeping, overly-optimistic statements about the security and stability of Gemalto's networks, and dramatically underplayed the significance of the NSA-GCHQ targeting of the company and...
How Go Talk intends to be the BlackBerry of mobile carriers
Identity theft often goes through an unexpected route: conning the carrier. Go Talk Wireless wants to stamp out SIM swap fraud at the source.
It's time for my family to take the plunge on a VPN
A good VPN isn't as complicated as it used to be, but it's still a pretty big step for a "regular" user to take. But it's time to get my family used to it. Their data may depend on it.
PRIV named one of the most secure Android smartphones of 2016
Google's annual Android Security Review names PRIV one of the most secure smartphones of last year. While rather unsurprising to most of us here, there are some areas of the report that BlackBerry's software efforts receive some substantial kudos.