Gemalto is the biggest SIM card manufacturer in the world and in the past week, news outlets have been reporting that the firm’s cards have been hacked by internal UK and US agencies. There was immediate outrage among mobile technology enthusiasts, saying that now they are vulnerable and Gemalto should take action to remedy the situation. It seems that the company isn’t as concerned as users are, according to a Reuters report. The Intercept published the first report of the SIM hacking incident, based on documents provided by whistleblower Edward Snowden. According to the investigative news site, government agencies had hacked into Gemalto systems in 2010, and nothing has been done about it until now. Gemalto said they didn’t know about the incident.
According to Reuters, Gemalto “sees no significant impact from hacking issue”, which seems odd at first. Even though news websites have reported that the both the National Security Agency (NSA) and the Government Communications Headquarters (GCHQ), from the U.S. and UK respectively, have hacked the SIM cards manufactured by Gemalto, the company said that after the first investigations done over the weekend, there seems to be no serious security issue caused by the hacks.
The SIM card hack effectively meant that the agencies that performed them could access calls, text, emails and other sensitive data without the user’s knowledge. There is no evidence that points towards the NSA or the GCHQ actually intercepting information like this, but the fact that security professionals reported it possible is already worrisome to many users. Gemalto, however, doesn’t seem to be too worried about the security compromises these hacks come with.
According to Reuters, Gemalto would make their initial investigation’s findings public on Wednesday, February 25, wherein they will detail the effects of the hack and the security flaws they brought on in a press conference in Paris. Gemalto said that their products remain secure and the company is not expecting any serious financial impact from the ordeal, which is rather odd. Maybe they were in on it, the paranoid version of me is thinking. If we follow that train of thought, we could come up with very disturbing ideas about why Gemalto is all of sudden no longer worried about the impact the hack has had on SIM cards and their users. When the company first found out about the issue, they seemed committed to find out what happened and how many were affected. Now, it seems they are rather mum about the issue. We’ll just have to wait for the full report on Wednesday.
Gemalto not only makes SIM cards, but also bank cards and biometric passports based on the same technology, which means that all these platforms could have been exposed by the hack. Most notable, Gemalto supplies companies like Vodafone, Sprint, AT&T and Verizon with SIM cards across the world, so many customers might be exposed to these security flaws. It is rather odd that the manufacturing company isn’t more worried about the backlash the incident will have, suggesting that they might have known about it, although don’t take our word for that as there isn’t any confirmation.
The news about Gemalto and it being severely hacked is worrisome to all customers as well as service providers around the world. It’s bad news and sources say it will have enormous effects on the perception of mobile security. If the hack is indeed completely real and has compromised all the SIM cards manufactured by Gemalto in the last four years, we might have a serious breach on our hands. If it is proven that the spy agencies did in fact steal the encryption keys from the company, there will be serious ramifications for both the agencies which were involved.