AGL 40.02 Decreased By ▼ -0.01 (-0.02%)
AIRLINK 127.99 Increased By ▲ 0.29 (0.23%)
BOP 6.66 Increased By ▲ 0.05 (0.76%)
CNERGY 4.44 Decreased By ▼ -0.16 (-3.48%)
DCL 8.75 Decreased By ▼ -0.04 (-0.46%)
DFML 41.24 Decreased By ▼ -0.34 (-0.82%)
DGKC 86.18 Increased By ▲ 0.39 (0.45%)
FCCL 32.40 Decreased By ▼ -0.09 (-0.28%)
FFBL 64.89 Increased By ▲ 0.86 (1.34%)
FFL 11.61 Increased By ▲ 1.06 (10.05%)
HUBC 112.51 Increased By ▲ 1.74 (1.57%)
HUMNL 14.75 Decreased By ▼ -0.32 (-2.12%)
KEL 5.08 Increased By ▲ 0.20 (4.1%)
KOSM 7.38 Decreased By ▼ -0.07 (-0.94%)
MLCF 40.44 Decreased By ▼ -0.08 (-0.2%)
NBP 61.00 Decreased By ▼ -0.05 (-0.08%)
OGDC 193.60 Decreased By ▼ -1.27 (-0.65%)
PAEL 26.88 Decreased By ▼ -0.63 (-2.29%)
PIBTL 7.31 Decreased By ▼ -0.50 (-6.4%)
PPL 152.25 Decreased By ▼ -0.28 (-0.18%)
PRL 26.20 Decreased By ▼ -0.38 (-1.43%)
PTC 16.11 Decreased By ▼ -0.15 (-0.92%)
SEARL 85.50 Increased By ▲ 1.36 (1.62%)
TELE 7.70 Decreased By ▼ -0.26 (-3.27%)
TOMCL 36.95 Increased By ▲ 0.35 (0.96%)
TPLP 8.77 Increased By ▲ 0.11 (1.27%)
TREET 16.80 Decreased By ▼ -0.86 (-4.87%)
TRG 62.20 Increased By ▲ 3.58 (6.11%)
UNITY 28.07 Increased By ▲ 1.21 (4.5%)
WTL 1.32 Decreased By ▼ -0.06 (-4.35%)
BR100 10,081 Increased By 80.6 (0.81%)
BR30 31,142 Increased By 139.8 (0.45%)
KSE100 94,764 Increased By 571.8 (0.61%)
KSE30 29,410 Increased By 209 (0.72%)

It would be another powerful tool in the arsenal of US and British spy services: the encryption keys for a large share of the SIM cards used for mobile phones. A report by the investigative news website The Intercept, citing leaked documents from former National Security Agency contractor Edward Snowden, said the US and British agencies "hacked into" the European manufacturer Gemalto to gain these keys.
The report, if accurate could allow the NSA and its British counterpart GCHQ the ability to secretly monitor a large portion of global communications over mobile devices without using a warrant or wiretap. "This is a huge deal," said Bruce Schneier, a cryptographer who is chief technology officer at the security firm Resilient Systems, and a fellow at Harvard's Berkman Center.
"The things that are the most egregious are when the NSA hacks everybody to get a few people," Schneier told AFP. "They're getting encryption keys of everybody, including you and me. It's a scorched earth policy." The report suggests the intelligence services could have access to a wider range of communications than has been previously reported. Other documents have indicated NSA can monitor email and traditional phone communications.
Schneier said the report is credible and probably indicates other SIM card makers were hacked as well. "Do we think this is the only company? Odds are low," he said. Sarah Ludford, a Liberal Democrat member of British parliament, said on Twitter that the action by the spy agencies "undermines vital cybersecurity and further makes fools of legislators."
The NSA did not immediately respond to an AFP request for comment. Gemalto said in a statement it takes the matter "very seriously and will devote all resources necessary to fully investigate" the allegations. It added that the intended target was "not Gemalto, per se - it was an attempt to try and cast the widest net possible to reach as many mobile phones as possible."
Yet the report leaves many questions unanswered, and some experts were cautious about jumping to conclusions about the documents. "One of the reasons I'm skeptical is that different governments have been using other methods to grab communications and wireless data which are unsecured to begin with," said Darren Hayes, director of cybersecurity at Pace University's School of Computer Science and Information Systems.
"I'm not sure that the US or UK governments would use hackers in the same way that the Chinese or Russians are doing." Schneier said more information is needed to know exactly what the encryption keys would provide, but says it is likely that they would allow access to the phone communications rather than the data transfer, so SMS or voice messages might be accessed but not Skype or other Internet-based services.
"I think the company should do what Sony did (after being hacked) - hire a forensics team," Schneier said. "We need details on how this was done and what can be done to remediate it." John Pirc, co-founder of the Virginia-based security firm Bricata, said the report is "plausible," and if true, could undermine confidence in mobile communications. "If someone had access to the SIM card and put malware on it, that means anyone can get in," Pirc told AFP. Pirc said the revelations could end up hurting manufacturers or carriers if they fail to take steps to correct any security weaknesses. "If this turns out to be true, every consumer should ask for a new SIM card," he said.

Copyright Agence France-Presse, 2015

Comments

Comments are closed.