Gemalto: Our SIM cards are secure, despite NSA hack claim

Company investigates claim of hacking attack by NSA and GCHQ.

The GCHQ headquarters in Cheltenham, UK. Image: Ministry of Defence

SIM card maker Gemalto has said its products - which are used in mobile phones, bank cards, and passports - are secure, despite claims that the NSA and GCHQ hacked its network to steal encryption keys in an attempt to eavesdrop on mobile phone conversations around the globe.

A story published by The Intercept - based on documents from NSA-contractor-turned-whistleblower Edward Snowden - claimed that a team made up of NSA and GCHQ staff hacked into Gemalto's network to steal encryption keys used to protect the privacy of mobile communications by billions of people.

Read this

The Snowden effect: How it's still denting business confidence in cloud security

Signs were that security was beginning to recede as an obstacle to cloud adoption. That was until Edward Snowden's revelations about NSA's PRISM data-mining activities.

Read More

In response Gemalto said it is "devoting the necessary resources to investigate and understand the scope of such sophisticated techniques" and said initial conclusions "already indicate that Gemalto SIM products (as well as banking cards, passports, and other products and platforms) are secure" and that as a result the company "doesn't expect to endure a significant financial prejudice".

The company said it will reveal the results of its investigations in a press conference on Wednesday 25 February.

Gemalto produces embedded software on chips used in online banking and electronic identity authentication. It also makes up to two billion SIM cards each year, which are supplied to 450 mobile network providers across the globe and were the apparent target of the spy agencies' alleged efforts.

According to the Snowden documents, the UK's surveillance agency GCHQ and the US' NSA teamed up in 2010 and 2011 to penetrate Gemalto's internal network and steal encryption keys that would allow the organisations to monitor mobile communications.

Further reading