Posted on 02/19/2015 11:56:15 AM PST by John W
American and British spies hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe, according to top-secret documents provided to The Intercept by National Security Agency whistleblower Edward Snowden.
The hack was perpetrated by a joint unit consisting of operatives from the NSA and its British counterpart Government Communications Headquarters, or GCHQ. The breach, detailed in a secret 2010 GCHQ document, gave the surveillance agencies the potential to secretly monitor a large portion of the worlds cellular communications, including both voice and data.
The company targeted by the intelligence agencies, Gemalto, is a multinational firm incorporated in the Netherlands that makes the chips used in mobile phones and next-generation credit cards. Among its clients are AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers around the world. The company operates in 85 countries and has more than 40 manufacturing facilities. One of its three global headquarters is in Austin, Texas and it has a large factory in Pennsylvania.
(Excerpt) Read more at firstlook.org ...
Subscriber identity module
Wikipedia
https://en.wikipedia.org/wiki/Subscriber_identity_module
A subscriber identity module or subscriber identification module (SIM) is an integrated circuit that securely stores the international mobile subscriber identity (IMSI) and the related key used to identify and authenticate subscribers on mobile telephony devices (such as mobile phones and computers).
SIM card
From Wikipedia, the free encyclopedia
https://simple.wikipedia.org/wiki/SIM_card
A SIM card is a smart card that is used in mobile phones, to identify the client. SIM stands for subscriber identity module. A SIM card has a microchip, and its use is protected by a PIN. When the phone is powered on, a special number called IMSI is broadcast. The microchip is also needed for some encryption and decryption.
I remember how dead set the government was against strong encryption for cell phones.
They have the SIM card data, they have the firmware, they made sure the flakey baseband processor was never cleaned up...and most of all they made certain that perfect forward secrecy was not implemented.
Still, there is a way to get hard encryption for the audio data... it requires an external Bluetooth headset with built in perfect forward secrecy crypto. To achieve security you need an external device since the phone cannot be trusted. The metadata cannot be protected though.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.