Gemalto's findings of its investigations into the alleged hacking of SIM cards

214 points by eonwe about 10 years ago

16 comments

scintill76 about 10 years ago
Can anyone elaborate on why it's supposedly only a problem for 2G? "If someone intercepted the encryption keys used in 3G or 4G SIMs they would not be able to connect to the networks and consequently would be unable to spy on communications." Why not? I feel like there is a "merely" missing from this sentence -- if so, what more than keys do they need to spy?

Are they basing this on the specific type of key discussed in the documents? I don't know a lot about it, but I'm inclined to believe there are valuable keys burned-in to 3G+ cards too.

I also wonder if there is a downgrade attack to force 2G, so that those keys are not completely worthless.
r0h1n about 10 years ago
Firstly, I'm amazed that a large global corporation has put out a press release saying it has "reasonable grounds to believe that an operation by NSA and GCHQ probably happened." Wow.

That said, I wonder if Gemalto really had any other option than to say its keys weren't stolen. What might be the cost of replacing all affected SIM cards?
rsm439 about 10 years ago
Please pardon my naiveté, but is it even possible for a company that operates in 85 countries to do a thorough security audit in the six days since this news started making the rounds? The rapidity of their response makes me uneasy.
discardorama about 10 years ago
FTA:

> In July 2010, a second incident was identified by our Security Team. This involved fake emails sent to one of our mobile operator customers spoofing legitimate Gemalto email addresses. The fake emails contained an attachment that could download malicious code. We immediately informed the customer and also notified the relevant authorities both of the incident itself and the type of malware used.

I'm not buying this. If the fake emails were sent to the customer, wouldn't the *operator* be the one who detects the malicious address? So how is Gemalto informing the customer that the mails are malicious?
TeMPOraL about 10 years ago
I see two totally separate threads of discussion here, so I have to ask - which way is it? Is Gemalto a poor company that got pwnd by Five Eyes, or are they just a bunch of spooks in corporate suits[0]? Because the latter paints the situation in a completely different light.

[0] - https://news.ycombinator.com/item?id=9106179
e12e about 10 years ago
"If someone intercepted the encryption keys used in 3G or 4G SIMs they would not be able to connect to the networks and consequently would be unable to spy on communications."

I don't understand this. First, it's well known that intelligence services passively listen to and collect any and all radio traffic. The issue then is can that traffic be decrypted, not can the traffic be spied on. Related to that is of course the use of frequency hopping -- but as I understand it, if frequency hopping uses N bands, and you have N antennas/radios at your disposal, you could listen and record all of them.

Secondly, we all know that if you have a sim card, you can connect to a 3g/4g network. What they seem to be implying, is that 3g/4g uses asymmetric encryption (certificates) for authentication, and that only the sim card knows its own secret key. Does anyone know if this is true? Did 3g/4g move away from shared-secret to asymmetric keys?

I hope I'm missing something -- because if not this press release is basically full of placating lies.
Jolijn about 10 years ago
Whew, that was quick wasn't it!

Four to five years after the hacks happened, Gemalto says it was all not so bad, they really really checked this time and they have super duper server logs they grepped twice to be sure.
yuhong about 10 years ago
Obviously the key theft made it easier, but remember that 2G/GSM still only uses 64-bit encryption keys even in A5/3 and GEA3.
zumtar about 10 years ago
This statement from Gemalto seems quite naive considering the leaked documents state that the operations to obtain the private keys were successful. They talk about the deployment of a "secure transfer system" BUT that will only help if that is the only time that data is ever transferred between two entities and assumes that the data will be kept securely.

The Ki database has to be distributed to so many places in and around the network that it isn't surprising that it is schlepped around using insecure means.

Of course in an ideal world the keys should never be accessible by a human, they should have been generated in a set of HSMs at the SIM manufacturer that are transferred physically to the network operator. In reality this doesn't happen as that takes time and money and is an overall logistical nightmare.

Mobile carriers use lots of professional services "experts" from the vendors they buy from, it is rare to have in-house engineers running and maintaining the systems as those tasks are usually outsourced.

Such engineers will have done a 4 week course with Nokia-Siemens-Networks, Huawei or Ericsson and they are sent out into the field with a crappy laptop and a few tools, they are just expensive "remote hands" without any real knowledge.

This is how it would play out from a 3rd level support/engineer back at Telco HQ -

In-house expert: Hi Mr Field Engineer, I need you to restore that HLR you are looking at, I can't reach it from here, and I need to send you a file securely to restore to that node, do you use PGP? Do you have the emergency encrypted USB stick with you?

Outsourced Engineer: PGP? I don't know how to program, isn't that for making web-sites? USB stick, yes I have a new one in my bag I bought for downloading movies.

In-house expert: No, that is PHP, don't worry about that for now, do you have any decryption software on your laptop?

Outsourced Engineer: No, but my laptop is already unlocked, I've typed in my account and password.

In-house expert: I have my boss screaming at me and the call-center is overloaded with complaints, do you know how to use SCP?

Outsourced Engineer: SCP?

In-house expert: OK, how about FTP, do you have an FTP client?

Outsourced Engineer: Yes, I've got that, I use it for sending firmware to Cisco routers.

In-house expert: No, not TFTP, FTP! Do you know what that is?

Outsourced Engineer: Huh?

In-house expert: OK, how about a corporate email account?

Outsourced Engineer: No, I'm working for "XYZ Solutions" and I'm on a probationary period, I have a hotmail account, does that help?

In-house expert: OK, I suppose that will have to do, please just delete the email from hotmail and make sure you delete that file later from your PC.

Outsourced Engineer: OK, you mean just drag it to trash on this 4 year old Windows XP laptop I'm using?

*sigh*
chiph about 10 years ago
> Gemalto will continue to monitor its networks and improve its processes.

I wonder if they're going to reissue the root key. And if they do, how can I, as an AT&T Wireless customer, know that my new SIM is using it?
spacefight about 10 years ago
"The attacks against Gemalto only breached its office networks and could not have resulted in a massive theft of SIM encryption keys"

That's what they think...
hurin about 10 years ago
Could someone explain to me the significance of having the keys as opposed to simply breaking A5/1 or A5/2 (Which is considered to be trivial)? Especially since A5/3 (which is also known to be insecure at least theoretically) can be downgraded to either of those or even A5/0?

Is the advantage solely that they don't need to intercept the traffic as a middleman to ask the target to downgrade?
packetized about 10 years ago
This seems to have been released with breathtaking speed. Was it canned, or did they previously know that these revelations would come to light?
microcolonel about 10 years ago
“…customized algorithms for each operator” What are they smoking?
eps about 10 years ago
Not a big deal.

Just carry on. Please.

* But be vigilant!
LLWM about 10 years ago
Hopefully this will finally shut up the people who complain that the NSA's behavior will damage the US tech industry. If they are interested in compromising a system, being non-American just means they will break in the hard way. At least American companies can theoretically be secure if they are willing to grant authorized access when requested.