Slashdot Mirror


Gemalto: NSA and GCHQ Probably Hacked Us, But Didn't Get SIM Encryption Keys

An anonymous reader writes: Last week The Intercept published a report saying agents from the NSA and GCHQ penetrated the internal computer network of Gemalto, the world's largest maker of SIM cards. Gemalto has done an internal investigation, and surprisingly decided to post its results publicly. The findings themselves are a bit surprising, too: Gemalto says it has "reasonable grounds to believe that an operation by NSA and GCHQ probably happened."

They say the two agencies were trying to intercept encryption keys that were being exchanged between mobile operators and the companies (like Gemalto) who supplied them with SIM cards. The company said it had noticed several security incidents in 2010 and 2011 that fit the descriptions in The Intercept's documents. Gemalto had no idea who was behind them until now. They add, "These intrusions only affected the outer parts of our networks – our office networks — which are in contact with the outside world. The SIM encryption keys and other customer data in general, are not stored on these networks." They claim proper use of encryption and isolation of different networks prevented attackers from getting the information they were after.

5 of 99 comments

  1. separate networks don't mean secure at all. by Anonymous Coward · · Score: 2, Informative

    Air-gapped networks aren't secure just because they're air-gapped - there are lots of techniques:

    https://www.schneier.com/blog/archives/2014/10/jumping_air_gap.html

    http://www.welivesecurity.com/2014/11/11/sednit-espionage-group-attacking-air-gapped-networks/

    and many other types of 'infected' media methods like USB keys. Sure it takes longer, but agencies are very patient.

  2. They have Ki's by Macfox · · Score: 5, Informative

    Chances are they have the IMSI Ki keys. This is the info that is given to the carriers with each IMSI (SIM). That's all that is needed to dupe a SIM or decrypt comms. The vast majority (probably all) of these will use the default A3/A8 encryption, so this will be a walk in the park (load IMSI+Ki into new card) to spin off duplicate SIMs for the next few years. Once you can dupe a SIM, you can then fool the VLR/HLR into redirecting calls/SMS or access Voicemail. No need to monitor the local airwaves.

    --
    Area51 - We are watching...
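
An added illustration, not part of the thread: a toy model of the GSM challenge-response the comment above refers to, showing that the network only ever tests knowledge of Ki, plus one operator-side check that spots a duplicated SIM registering in two countries at once. HMAC-SHA256 stands in for the operator's real A3/A8 (an assumption), and the IMSIs and attach log are constructed.

```python
import hashlib
import hmac
import secrets

# HMAC-SHA256 stands in for the operator's real A3/A8 (COMP128 or MILENAGE);
# this substitution is an assumption made for illustration only.
def a3_sres(ki: bytes, rand: bytes) -> bytes:
    """A3: signed response the network compares to authenticate the SIM."""
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]

def a8_kc(ki: bytes, rand: bytes) -> bytes:
    """A8: session cipher key derived from the same Ki and challenge."""
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]

def network_accepts(ki_at_hlr: bytes, answer) -> bool:
    """HLR/AuC issues a fresh RAND and checks the SRES the claimant returns.
    Only knowledge of Ki is tested, so any holder of Ki passes."""
    rand = secrets.token_bytes(16)
    return hmac.compare_digest(a3_sres(ki_at_hlr, rand), answer(rand))

def sim_with_key(ki: bytes):
    """Returns the SRES function a card (or a copy of its Ki) would run."""
    return lambda rand: a3_sres(ki, rand)

def find_duplicate_attaches(records, window_s=600):
    """Operator-side check: flag an IMSI that registers from two different
    countries (MCC) within window_s seconds, a symptom of a duplicated SIM."""
    last = {}       # imsi -> (timestamp, mcc) of its previous attach
    flagged = set()
    for t, imsi, mcc in sorted(records):
        if imsi in last and last[imsi][1] != mcc and t - last[imsi][0] <= window_s:
            flagged.add(imsi)
        last[imsi] = (t, mcc)
    return sorted(flagged)

# Constructed sample attach log: (unix time, IMSI, mobile country code).
ATTACH_LOG = [
    (1000, "208011234567890", "208"),
    (1120, "208011234567890", "310"),  # same IMSI in another country 2 min later
    (1000, "208019876543210", "208"),
    (9000, "208019876543210", "310"),  # hours apart: plausible travel, not flagged
]

if __name__ == "__main__":
    ki = secrets.token_bytes(16)
    print("genuine Ki accepted:", network_accepts(ki, sim_with_key(ki)))
    print("wrong Ki accepted:  ", network_accepts(ki, sim_with_key(secrets.token_bytes(16))))
    print("suspect IMSIs:", find_duplicate_attaches(ATTACH_LOG))
```

The point for a defender is that once Ki leaves the protected key store, nothing in the authentication exchange can tell the original card from a copy; only key isolation in transit and at rest, and after-the-fact anomaly checks like the one above, remain.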
  3. Re:But can we believe them? by phayes · · Score: 2, Informative

    Belief in the fundamental good nature of Mankind?

    --
    Democracy is a sheep and two wolves deciding what to have for lunch. Freedom is a well armed sheep contesting the issue
  4. Re:But can we believe them? by the_other_chewey · · Score: 3, Informative

    Why aren't phones generating their own keys when they're activated at the store? Burn a fusible link if necessary. This would be more secure _and_ cheaper for the carriers. Oh, because NSA has plants on the GSM committees?

    No, because the subscriber identity is linked to the SIM card (it's in the name...),
    and not to the phone. You can switch a SIM card into any phone (some simlock
    issues excluded) and just keep going with your one subscriber identity.

    Or put another SIM card in your phone and use a completely different one.
    It's great when traveling.

    It's a feature - it's even a "we actually want this" kind of feature.

  5. Re:But can we believe them? by tlhIngan · · Score: 3, Informative

    this is what they want us to believe to keep costs down.

    You won't believe how old the technology is in a SIM card. It's actually quite ancient.

    Think about it - your SIM probably has a 32k storage area, yet if you saw the actual die, it's remarkably big for what it is (just an 8-bit microcontroller and storage) - something that would in normal circumstances literally be the size of a grain of sand if you used recent, but not cutting edge, fab technology.

    Instead, the dies are relatively big (measured in the mm scale) - it's because SIMs are so disposable that the manufacturers basically buy up ancient fabs and equipment for basically nothing. (It's probably sub-micron by now, but not the deep-sub-micron we use for bleeding edge stuff.) Students in VLSI design often use micron-scale technology as it's basically extremely cheap to run. Even the masks used don't have to be particularly precise (a modern mask for a fab is on the order of $100K, each, and you often need 20 or more masks) so those are really cheap. And probably reused in the end, as well.

    SIM cards are stupidly cheap because of this - which is the entire point - that $10 they charge for a SIM card is pure profit for the most part.