Press release BoxID: 727443 (KuppingerCole Analysts AG)
  • KuppingerCole Analysts AG
  • Sonnenberger Str. 16
  • 65191 Wiesbaden
  • Contact
  • Jennifer Haas
  • +49 (211) 237077-31

The Great SIM Heist - KuppingerCole Analyst Statement

(PresseBox) (Wiesbaden, ) Yesterday, The Intercept, the publication run by Edward Snowden's closest collaborators, published a report describing how NSA and GCHQ hacked into the internal computer network of Gemalto, the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect cell phone communications across the globe.

Alexei Balaganski, Senior Analyst at KuppingerCole, just published a blog post regarding this "Great SIM Heist". The Intercept has revealed that back in 2010, American and British intelligence agencies were able to carry out a massive-scale breach of mobile phone encryption in a joint operation targeting telecommunication companies and SIM card manufacturers. They managed to penetrate the network of Gemalto, the world's largest manufacturer, which ships over 2 billion SIM cards yearly. Apparently, they did not just resort to hacking, but also ran a global surveillance operation on Gemalto employees and partners. In the end, they managed to obtain copies of secret keys embedded into SIM cards that enable mobile phone identification in providers' networks, as well as encryption of phone calls. Having these keys, NSA and GCHQ are in theory able to easily intercept and decrypt any call made from a mobile phone, as well as impersonate any mobile device with a copy of its SIM card. As opposed to previously known surveillance methods (like setting up a fake cell tower), this method is completely passive and undetectable. By exploiting deficiencies of GSM encryption protocols, they are also able to decrypt any previously recorded call, even from years ago.

Since Gemalto does not just produce SIM cards, but various other kinds of security chips, there is a substantial chance that these could have been compromised as well. Both Gemalto and its competitors, as well as other companies working in the industry, are now fervently conducting internal investigations to determine the extent of the breach. It is worth noting that according to Gemalto's officials, they did not notice any indications of the breach back then.

Balaganski mentions that first and foremost, everyone should understand that in the ongoing fight against information security threats everyone is basically on their own. Western governments, which supposedly should be protecting their citizens against international crime, are revealed to be conducting the same activities on a larger and more sophisticated scale. Until now, all attempts to limit the intelligence agencies' powers have been largely unsuccessful. The governments even go as far as to lie outright about the extent of their surveillance operations to protect them.

KuppingerCole's advice is therefore the following: "The only solutions we can still more or less count on are complete end-to-end encryption systems where the whole information chain is controlled by users themselves, including secure management of encryption keys. Breaking a reasonably strong encryption key is still much more difficult than stealing it." For other communication channels, companies should significantly reconsider their risk policies.

The whole blog post as well as blogs from other KuppingerCole analysts can be found at Journalists are kindly requested to send us specimen copies of any published articles or links to online publications referring to our articles.

KuppingerCole Analysts AG

KuppingerCole, founded in 2004, is a leading global analyst company headquartered in Europe, focusing on Information Security and Identity & Access Management (IAM). Governance, Risk Management and Compliance (GRC) forms a further core area of KuppingerCole's research. Our highly experienced analysts know how information security and privacy solutions can generate significant added value for companies - for on-premise applications, cloud solutions, mobile access and social computing platforms.

KuppingerCole stands for expertise, thought leadership, neutrality and a strong practical orientation, and thereby supports end-user organizations, integrators and software vendors with both tactical and strategic challenges. The balance between immediate implementability and future-proofing shapes KuppingerCole's actions.

Together with company founder Martin Kuppinger, the highly qualified and globally respected KuppingerCole analysts continuously observe the market and make their expertise available in the form of current research notes and through vendor-neutral advisory services ("Trusted Advisory").

In addition to Martin Kuppinger, the analysts include, among others, Identity & Access Management expert Matthias Reinwarth, information security experts Mike Small, Amar Singh, Dr. Eric Cole and Alexei Balaganski, infrastructure and project experts Dr. Horst Walther, Dr. David Goodman and Rob Newby, privacy and data protection experts Dr. Karsten Kinast and Dr. Scott David, and identity management veteran Dave Kearns.

As an independent analyst group, KuppingerCole organizes conferences, seminars, workshops and webcasts in the fields of information security, IAM and GRC, and hosts the European Identity & Cloud Conference, which has established itself as the leading event for thought leadership and best practices in Identity & Access Management, cloud and digital risk in Europe.

Learn more on our website: