Posted on 02/19/2015 4:47:13 PM PST by rickyrikardo
British and American spies stole the encryption keys from the largest SIM card manufacturer in the world, according to a government document handed to The Intercept by National Security Agency whistleblower Edward Snowden.
The NSA and its British counterpart Government Communications Headquarters targeted Gemalto, a multinational firm in the Netherlands that makes mobile phone SIM cards, to monitor mobile communications without permission from telephone companies.
Gemalto currently creates SIM cards for AT&T, T-Mobile, Verizon, Sprint and 450 other wireless network providers around the world. Gemalto produces around 2 billion SIM cards every year.
The breach, detailed in a 2010 GCHQ document, also gave the NSA and GCHQ the ability to monitor phone activity without leaving a trace that wireless providers could track. The intelligence agencies were also allowed to decrypt communications that they previously couldn't decode.
(Excerpt) Read more at nydailynews.com ...
Bttt.
I remember how dead set the government was against strong encryption for cell phones.
They have the SIM card data, they have the firmware, they made sure the flakey baseband processor was never cleaned up...and most of all they made certain that perfect forward secrecy was not implemented.
Still, there is a way to get hard encryption for the audio data... it requires an external Bluetooth headset with built-in perfect forward secrecy crypto. To achieve security you need an external device since the phone cannot be trusted. The metadata cannot be protected though.
I hope all these spy methods can self-destruct if America is taken over by a foreign power.
Those in power now are foreign to anything I would call American.
The problem with this technology is the inherent fragility of the technology itself. Sunspots erupt, space junk breaks satellites, not to mention that the enemy of our nation could end up being the best friend privacy ever had, lol! When the power is unplugged, it’s all a pile of metal, plastic, and circuits.
Ever been in a grocery store when the power went down? Nobody even has a hand crank or battery/solar powered adding machine so that the sales can continue.
How can you trust an external device unless you build it yourself?
They have access to all text messages and possibly recordings of conversations stored by their willing partners, the carriers themselves.
The story doesn’t make sense because the authentication key Ki is installed by the network operator (e.g., AT&T) during personalization. It is not installed by the SIM manufacturer. Ki is used when connecting to the mobile network and to generate Kc. Kc is a session key used from there on.
That’s the idea.
For even an average engineer such a thing is simple to devise.
If you produced them in quantity for others the product would need to be open-source, both hardware and software and be professionally audited, both hardware and software.
To prevent in-transit interdiction you would need to protect the circuitry from tampering (possible) and verify it using encryption once the end-user has it (also possible).
I would suggest capabilities for both public-key crypto (implementing perfect forward secrecy of course) and a hardware-based true random number generator to produce one-time-pad capability based on a matched set of SD cards filled with random bits... Depending on the user's paranoia level they could use the easier to handle public key or the one-time-pad method which is incredibly secure but more cumbersome to use.
This would make an excellent Kickstarter campaign for the capable engineer needing something to do.
It could be implemented as a Bluetooth device or as a snap-on case utilizing a simple mic and speaker for I/O. The case-based device would be easier to audit for security.
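Added illustration, not part of any poster's comment: the comments above mention that Kc is generated from the long-term key Ki, and that perfect forward secrecy was never implemented. This sketch contrasts the two designs; the HMAC-SHA-256 stand-in for the operator's A8 algorithm, the toy Diffie-Hellman group and all key values are assumptions constructed for the example.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman parameters, for illustration only (assumption, not a vetted group).
P = 2**255 - 19
G = 2

def derive_kc(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for the operator's A8 algorithm: Kc = f(Ki, RAND), 64 bits."""
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]

def static_key_sessions(ki: bytes, n: int):
    """Run n sessions; return (RANDs sent in the clear, Kc values used)."""
    rands = [secrets.token_bytes(16) for _ in range(n)]
    return rands, [derive_kc(ki, r) for r in rands]

def recompute_from_recording(ki_copy: bytes, recorded_rands):
    """Anyone holding a copy of Ki rebuilds every Kc from the recorded RANDs."""
    return [derive_kc(ki_copy, r) for r in recorded_rands]

def forward_secret_session(auth_key: bytes):
    """Ephemeral DH: the long-term key only authenticates the public values."""
    a = secrets.randbelow(P - 2) + 1          # handset's one-time secret
    b = secrets.randbelow(P - 2) + 1          # peer's one-time secret
    pub_a, pub_b = pow(G, a, P), pow(G, b, P)
    transcript = pub_a.to_bytes(32, "big") + pub_b.to_bytes(32, "big")
    tag = hmac.new(auth_key, transcript, hashlib.sha256).digest()
    key_a = hashlib.sha256(pow(pub_b, a, P).to_bytes(32, "big")).digest()
    key_b = hashlib.sha256(pow(pub_a, b, P).to_bytes(32, "big")).digest()
    # a and b go out of scope here; nothing stored can regenerate the key.
    return transcript, tag, key_a, key_b

def demo():
    ki = secrets.token_bytes(16)              # constructed 128-bit long-term key
    rands, kcs = static_key_sessions(ki, 3)
    static_recovered = recompute_from_recording(ki, rands) == kcs
    t1, tag1, k1, k1_peer = forward_secret_session(ki)
    t2, tag2, k2, _ = forward_secret_session(ki)
    tag_ok = hmac.compare_digest(tag1, hmac.new(ki, t1, hashlib.sha256).digest())
    return static_recovered, k1 == k1_peer, k1 != k2, tag_ok

if __name__ == "__main__":
    print(demo())
```

In the first design the session key is a pure function of Ki and a value sent in the clear, so the long-term key alone determines every past and future Kc. In the second, the long-term key never enters the key derivation, which is the property the forward-secrecy comments are asking for.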
Seems that most of what we suspected or were afraid of was happening all along. We should apologize to those that kept telling us of this abuse.
While there were benefits of his disclosures, the negatives might not exceed the benefits. Would we (normal Americans) have ever realized that this effort of spying was going on? Probably not - of course we could have blissfully gone about our ways and cared not...until something else brought it up.
Heroes are folks I would hold in much higher regard than this fellow but can understand your point! Heroes today are not the heroes of yesterday... Something society has brought to us.
Just stepping out saying something is enough. There are a lot of people that we label as heroes who are not heroes at all.
I have a major problem with the government spying on law-abiding citizens. We have constitutional rights and protections. We need to stand by the entire ‘Bill of Rights’!
I mean we wouldn’t have as many terrorists in this country if A) the government secured our borders, B) respected our own laws, and C) didn’t treat its own native born citizens like crap.
I love my country and what it is about but I question the government quite a bit. The only way we are going to stay free is if we stand by our laws and call out members of both parties who are in violation of it.
More often than not, we have abandoned principle in favor of power.