How NSA and GCHQ hacked the world’s largest SIM card maker Gemalto: “game over for cellular encryption”


American and British spy agencies have hacked the world’s largest phone SIM card maker Gemalto, managing to steal encryption keys used to protect the privacy of phone calls, text messages and other data, according to the latest top-secret documents made public by National Security Agency whistleblower Edward Snowden.

The 2010 document shows a large-scale operation to break into the internal network of Gemalto. The stolen encryption keys allowed NSA and its British counterpart GCHQ to stealthily monitor phone communications of people across the globe without any approval from telecoms or governments. With the encryption keys, the spies could monitor communications without leaving a trace and without seeking a warrant.

Gemalto, the largest manufacturer of SIM cards in the world, is estimated to ship some 2 billion SIM cards a year. The company, based in France and listed in the Netherlands, manufactures SIM cards for the four major U.S. carriers AT&T, Verizon, Sprint, T-Mobile, and for over 450 other mobile operators across the globe. Its clients include Europe’s Vodafone and Orange, UK’s EE, China Unicom, Japan’s NTT, and Taiwan’s Chungwa.

The initial reaction from security experts: “game over for cellular encryption”


First, we ought to mention that Gemalto was caught completely off guard, and executive vice president Paul Beverly said the following: “I’m disturbed, quite concerned that this has happened. The most important thing for me is to understand exactly how this was done, so we can take every measure to ensure that it doesn’t happen again, and also to make sure that there’s no impact on the telecom operators that we have served in a very trusted manner for many years. What I want to understand is what sort of ramifications it has, or could have, on any of our customers.”

Today, Gemalto responded via an official press release, saying that it had detected the 2010 and 2011 attacks, but denying that the hack compromised the encryption keys in the billions of SIM cards it ships. The company claims that encryption keys were transferred over a separate internal network, which the attackers could not access.

“It is important to understand that our network architecture is designed like a cross between an onion and an orange; it has multiple layers and segments which help to cluster and isolate data,” Gemalto CEO Olivier Piou said, in an amusing analogy offered to allay privacy concerns.

“The operation very probably happened, but it’s difficult to prove our conclusions legally, so we’re not going to take legal action,” Piou added.


Still, serious doubts remain, especially given that Gemalto seemed totally unaware of the attack prior to the Snowden revelations. Earlier, security experts had described the events as catastrophic.

“Once you have the keys, decrypting traffic is trivial,” according to Christopher Soghoian, principal technologist at the American Civil Liberties Union. “The news of this key theft will send a shock wave through the security community.”

“Gaining access to a database of keys is pretty much game over for cellular encryption,” according to cryptography specialist at the Johns Hopkins Information Security Institute Matthew Green. Green adds that this is “bad news for phone security. Really bad news.”

How did the spies hack Gemalto?


The way the spy agencies attacked Gemalto is also indicative of the methods and intents at play at the NSA and GCHQ. A secret GCHQ slide reveals that the attack first targeted Gemalto’s internal networks by installing malware on a few computers. Contrary to all of Gemalto’s recent claims, the British spies then conclude that they gained access to the entire internal network of the SIM card maker.

In a coordinated effort, the spies also attacked cell companies’ networks, gaining access to “sales staff machines for customer information and network engineers machines for network maps.” The British spy agency also declares it has control over billing servers, allowing it to hide its hacking activities on an individual’s phone.

Interestingly, the leaked slide also mentions a ‘Mobile Handset Exploitation Team’ (MHET), founded in April 2010 and made up of NSA and GCHQ operatives, whose sole goal is to use vulnerabilities in phones. The division takes on the task of attacking SIM card manufacturers so that it can monitor communications outside the United States (in the U.S., the spy agencies could theoretically get the records directly from the carrier, while in other countries that would be impossible).

The program targeting Gemalto was called DAPINO GAMMA, but the leaked document shows that the GCHQ had been preparing a similar attack against Gemalto rival Giesecke and Devrient.

Understanding encryption: 2G vs 3G vs 4G networks

In order to understand the issue fully, we ought to make a quick recap of digital cellular protocols, starting with the oldest one - GSM.

Introduced way back in the 80s, 2G GSM encrypts all calls between the phone and the cell tower using a long-term secret key (referred to as K) that is stored both on the SIM card and at your carrier, BUT the authentication is one-way only. The phone authenticates to the tower, but the tower does not need to authenticate back, meaning that anyone with a fairly limited budget can set up a fake cell tower that a GSM phone will connect to. The fatal flaw of this dated protocol is that the tower picks the encryption algorithm, which means that a rogue tower can switch off encryption entirely and eavesdrop on communications.

Then, 2G suffers from weak cryptographic algorithms. 2G encryption uses the A5/1 cipher, which is considered weak and these days can be broken on a regular PC. Then there is the even weaker A5/2 cipher, which can be cracked in real time.

Present-day phones in major metros use the much better protected 3G UMTS or 4G LTE standards. These protocols use mutual authentication between phone and tower, done via a MAC that the phone verifies to legitimize a tower before connecting. Still proprietary, but much stronger authentication algorithms - called f1-f5 - are in use, and call encryption in 3G uses the fairly secure KASUMI block cipher.

The big problem with 3G UMTS and 4G LTE is that attackers with resources can bypass them. The overwhelming majority of phones are designed to fall back to 2G GSM without much notice. Attackers use this by jamming the 3G and 4G connections, forcing your phone to reconnect over 2G GSM, and then applying all the aforementioned attacks.

A good example of the huge implications of this is Ukraine, which is probably the only European country that lacks 3G infrastructure. There have been multiple cases of individuals eavesdropping on politicians using nothing but a compact antenna and a laptop, a setup that costs a few thousand dollars.

The Gemalto revelations are important because stolen keys can be used without having to deal with the complexities of exploiting the cryptographic flaws we described above. Access to the weak link in the chain, the encryption keys themselves, means that phone calls can be decrypted and spied on months and even years after they were made.
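As an added illustration, not code from the article or from Gemalto, here is a toy model of the 3G mutual-authentication exchange described above next to the one-way 2G variant. HMAC-SHA256 stands in for the real f1/f2 and A3 algorithms, the anonymity key is omitted, and the function names and demo keys are assumptions; what it shows is that the tower-verification step only protects the phone while K stays secret, which is exactly why the stolen keys matter.

```python
import hashlib
import hmac
import secrets


def f1(k: bytes, rand: bytes, sqn: int, amf: bytes) -> bytes:
    """Network authentication MAC over RAND, SQN and AMF (stand-in for 3GPP f1)."""
    msg = rand + sqn.to_bytes(6, "big") + amf
    return hmac.new(k, b"f1" + msg, hashlib.sha256).digest()[:8]


def f2(k: bytes, rand: bytes) -> bytes:
    """Subscriber response RES (stand-in for 3GPP f2)."""
    return hmac.new(k, b"f2" + rand, hashlib.sha256).digest()[:8]


def gsm_sim_respond(k: bytes, rand: bytes) -> bytes:
    """2G GSM: the SIM answers any RAND with SRES. It verifies nothing about the
    sender, so a tower that does not know K still gets a valid-looking response."""
    return hmac.new(k, b"a3" + rand, hashlib.sha256).digest()[:4]


def network_challenge(k: bytes, sqn: int) -> tuple:
    """Tower/AuC side of 3G AKA: RAND plus AUTN = SQN || AMF || MAC.
    (The anonymity key AK that masks SQN in real UMTS is omitted here.)"""
    rand = secrets.token_bytes(16)
    amf = b"\x80\x00"
    autn = sqn.to_bytes(6, "big") + amf + f1(k, rand, sqn, amf)
    return rand, autn


def usim_verify(k: bytes, last_sqn: int, rand: bytes, autn: bytes):
    """USIM side: accept the tower only if the MAC verifies under K and the
    sequence number is fresh. Returns (RES, sqn) on success, None on failure."""
    sqn = int.from_bytes(autn[:6], "big")
    amf, mac = autn[6:8], autn[8:16]
    if not hmac.compare_digest(mac, f1(k, rand, sqn, amf)):
        return None  # tower could not prove knowledge of K: rejected
    if sqn <= last_sqn:
        return None  # replayed challenge: rejected
    return f2(k, rand), sqn


def run_aka(usim_k: bytes, tower_k: bytes, last_sqn: int = 0, sqn: int = 1) -> bool:
    """One full exchange. True only if the phone accepts the tower AND the
    tower accepts the phone's RES, i.e. both sides hold the same K."""
    rand, autn = network_challenge(tower_k, sqn)
    result = usim_verify(usim_k, last_sqn, rand, autn)
    if result is None:
        return False
    res, _ = result
    return hmac.compare_digest(res, f2(tower_k, rand))


# Constructed demo keys; a real Ki never leaves the SIM and the carrier's AuC.
SUBSCRIBER_K = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")
ROGUE_K = bytes.fromhex("ffffffffffffffffffffffffffffffff")

if __name__ == "__main__":
    print("legit tower:", run_aka(SUBSCRIBER_K, SUBSCRIBER_K))        # True
    print("rogue tower without K:", run_aka(SUBSCRIBER_K, ROGUE_K))   # False
    print("rogue tower holding stolen K:", run_aka(SUBSCRIBER_K, SUBSCRIBER_K))  # True
```

The third call is the Gemalto scenario: a tower that holds the subscriber's K is indistinguishable from the carrier, so the 3G MAC check passes and a 2G SIM never checked anything in the first place.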

Conclusion


The implications of this are huge, and undermine SIM card security and communication via the standard dialer and messaging apps. With Gemalto supplying cards to nations across the globe, ranging from the European Union to China and Russia, this latest leak will have an immediate effect on a global scale. On a personal level, the solution is to use secure messaging and calling apps like Silent Phone for encrypted voice calls and Signal for encrypted texts. Email communication from the big providers uses Transport Layer Security (TLS), and is also considered safe.

source: The Intercept, WSJ, CryptographyEngineering

32 Comments

1. PapaSmurf

Posts: 10457; Member since: May 14, 2012

This is literally terrifying. Wow.

8. Droid_X_Doug

Posts: 5993; Member since: Dec 22, 2010

In multiple posts, I have said that cellphone security is non-existent. If the two agencies want our comms bad enough, they will get it. Period. Full stop.

2. Jobayer

Posts: 167; Member since: Feb 22, 2013

I don't mind the government checking my stuff if they have a warrant but this is just too much...

3. UglyFrank

Posts: 2200; Member since: Jan 23, 2014

Why is this legal?

25. rallyguy

Posts: 620; Member since: Mar 13, 2012

It's not!

4. shermenz

Posts: 10; Member since: Mar 26, 2014

Hey! HEY! What the hell are you doing?! Keep arguing over specs! Pay no attention to the raping of your private info by the government! 14nm Exynos! TALK ABOUT IT SHEEP! TALK!

5. bendgate unregistered

RIP privacy.

6. PhoneCritic

Posts: 1382; Member since: Oct 05, 2011

As if we really didn't know this? Are Americans that naive that they don't think their own government does not spy on its own citizens? Come on, get over this. The minute you got any electronic device you are on the grid-the MATRIX-and the NSA, CIA, FBI etc. has all the back door access they need to spy and since a bunch of our tech (

9. Pattyface

Posts: 1658; Member since: Aug 20, 2014

Bud you act like it's just America that is on total hack.. Every developed country has been hacked by their country..

13. Penny

Posts: 1871; Member since: Feb 04, 2011

Being monitored at any given moment in public for the purpose of public safety is one thing. Being spied on in the privacy of your home or office is another thing entirely. The WORST approach citizens can take to this kind of information is "well, we kind of knew they were doing stuff like this anyway and it's not affecting my daily life, so whatever." That type of thinking gives the government all the support they could ask for to do whatever they want, and the danger in that is that power corrupts. It doesn't matter how pure intentions are at the outset, but any government policy that gives the government more power cannot be reversed because the government will never relinquish control. It will snowball until it is such a behemoth that we won't understand how it got to that point, and we won't be able to stop it without a violent revolution. That's the danger in allowing your freedoms and rights to slowly disappear; eventually, one generation will have to face death in order to regain its liberties. Do you want to be that generation?

32. elitewolverine

Posts: 5192; Member since: Oct 28, 2013

Well, in the gov's defense, the literal foundation of the US government was done in secrecy under British rule. So from its very beginnings it needed to know who was loyal, who was not, etc. While yes, privacy is a concern, there is nothing stopping me from moving to another country that has no technology. It's when "nothing to fear" turns into populace manipulation. Meaning if my last loan was denied cause they found out that I didn't pay my brother on time. So yes, peek all you want, but it's what you do with the info that matters more than anything.

10. Ashoaib

Posts: 3309; Member since: Nov 15, 2013

But only China is dirty because it allegedly spies. The rest are all ok even if proven, nothing dirty in it :@

12. shuaibhere

Posts: 1986; Member since: Jul 07, 2012

they will believe whateva media feeds them

11. shuaibhere

Posts: 1986; Member since: Jul 07, 2012

and Americans complain about the Chinese government??? what an irony...

20. Pattyface

Posts: 1658; Member since: Aug 20, 2014

And every other country complains like America and China only do it.. I find it laughable that so many on this site rag on the US so much when their respective country is in a worse state than the US or China

23. JC557

Posts: 1926; Member since: Dec 07, 2011

You do realize almost every 1st and 2nd world country is guilty of such right? In the article itself GCHQ is British. Then you have the Russians and Israelis. And if you actually knew any better we do complain about our government spying on us without warrant.

14. LessThanDoug

Posts: 54; Member since: Dec 03, 2014

What's taking Obama so long to bring that traitor in....

26. rallyguy

Posts: 620; Member since: Mar 13, 2012

You mean obama turning himself in?

15. phonejunkie77

Posts: 3; Member since: Aug 25, 2011

This is where the irony comes in. Laws are made by men in power. Those men do illegal things and hide behind the laws they create. But if you take the average citizen and say they hack into a system like Edward did, he is prosecuted. Or to even videotape someone is against federal wiretap laws even if it is to protect yourself. Yet the government just hides behind the words that it is in the name of safety. I say bs. Welcome to the world as it is. No privacy, no freedom of speech, no nothing without the fear of being arrested.

19. Victor.H

Posts: 1104; Member since: May 27, 2011

This is a very complex issue, that many of the commenters here take with some wishful shallowness, and I'm replying to your comment in particular because it shows a very typical opinion. There is a very valid question about surveillance and privacy, and it boils down to something NSA chief Mike Rogers said a few days ago: 'You can't have your privacy violated if you don't know it'. On one fence are those who agree with it, and on the other - those who disagree. What's clear is that there should be a debate about the checks and balances for surveillance, but on the other hand you also have the extremely dangerous rise of ideologies like ISIS' jihadism that seems to find supporters all over Europe and even in the United States. Those people are a real danger to the public if they decide to do harm, and some may argue that with no surveillance one simply cannot detect them. On the other side of the fence is having this uncontrolled access to information that can be used by the Government to thwart protests that have legitimate goals to change and improve our society. Where's the balance? That's where the discussion should really be, I think.

21. Penny

Posts: 1871; Member since: Feb 04, 2011

Very thoughtful comment Victor, and it is very true that there are legitimate threats we have to worry about and watch out for. If I could follow the problem we all have with these tactics down to its root, I think we would ultimately come to the point of transparency. If the government instantiates such methods covertly, uses a secret court system, and even uses hacking into secured company data as a tactic, it becomes very difficult to argue for the legitimacy of their goals. And once this happens, once these "safeguards" are in place, it is nearly impossible to reverse them. To do so would require a reversal of pacifism from the public, and a willingness of those in power to actually relinquish control. That generally doesn't happen unless the government fears losing even more control if they don't give in. So where the balance starts I think is with transparency. The government has to let the public know what things it is doing for national safety, and it must allow the people to feel secure with those safeguards in place. We already fear a terrorist threat, but we are at the precipice of fearing persecution more than we fear a violent threat from the outside. We want to be able to catch external threats before something bad happens, but we need to be able to trust those in power not to use those safeguards against us, which they have been known to do all too frequently. We can't continue down this path if we don't want to live in fear. "Give me liberty, or give me death!" - Patrick Henry

24. ZEUS.the.thunder.god

Posts: 1185; Member since: Oct 05, 2011

totally agree. well said.

31. rallyguy

Posts: 620; Member since: Mar 13, 2012

"'You can't have your privacy violated if you don't know it'" I couldn't disagree more. If I steal your identity and take out loans in your name, the same logic would say I haven't stolen your identity because you haven't figured it out yet. Maybe when someone breaks into a house while the person is on vacation, I guess no crime has been committed until the owner comes home and realizes it?

33. elitewolverine

Posts: 5192; Member since: Oct 28, 2013

You will know when it's your bill in the mail. What he is saying is that despite the 'access' they have, you have no idea if you were probed, your phone searched, etc. Because of that, you will never know if you were violated. The example you gave, you will know. Especially when the bank calls asking if I just bought a 50k car.

16. arch_angel

Posts: 1651; Member since: Feb 20, 2015

f**k it, I don't do incriminating stuff anyway. Listen all you want, spies, lol, all you'll hear is me saying "mom I'm hungry bring me food" lol. Crazy shit tho, and privacy is something we should all have.

29. andynaija

Posts: 1267; Member since: Sep 08, 2012

Lol same here bro.

18. Crispin_Gatieza

Posts: 3188; Member since: Jan 23, 2014

Murricans have no right to complain now. I saw the writing on the wall when the Bush Administration rammed the Patriot Act down our throats. I'm Cuban, I don't fall for this bulls**t easily since I've had almost 50 years of listening to Fidel talk out the side of his mouth. Let's see, what was it that W said? "You're either with us or against us." Enjoy your serfdom.

22. das22

Posts: 3; Member since: Apr 06, 2013

So, if you have a Gemalto SIM card and an iPhone 6 with digital scanner, you pretty much have a direct line to the NSA. Sweet ;)

27. rallyguy

Posts: 620; Member since: Mar 13, 2012

Brian Williams confirmed this story and said he was there when it happened. :)
