World’s largest SIM maker hacked, customers monitored

Nod

Executive Member
Joined
Jul 22, 2005
Messages
9,695
Gemalto is also the company that will supply us with our new super secure ID cards.
Gemalto (Euronext NL0000400653 GTO), the world leader in digital security, will supply the Government Printing Works (GPW) of South Africa with Sealys eID cards for their national identity program. GPW will harness Gemalto’s secure embedded software to protect the holder’s image and biometric data within the secure identity e-document, delivering outstanding levels of integrity and privacy. Moreover, GPW selected the high-end Sealys document fitted with the contactless feature, ensuring added levels of convenience with unrivaled security for citizens.

Designed to modernize and replace South Africa’s traditional, paper-based ‘green book’ identity documentation, the new Sealys eID card will be offered by the Department for Home Affairs (DHA) to citizens aged 16 and over. The South African government embarked on this service program to improve confidence in official identity credentials and to prepare for the deployment of a comprehensive suite of efficient and convenient eGovernment services.
So we might be getting IDs that are already compromised.
 

Ockie

Resident Lead Bender
Joined
Feb 16, 2008
Messages
52,265
/shrug.

I very seldom do voice calls and Telegram is encrypted :)
 

Compton_effect

Honorary Master
Joined
Sep 7, 2006
Messages
12,293
Gemalto is also the company that will supply us with our new super secure ID cards.

So we might be getting IDs that are already compromised.

Those chips used in those cards are something else. The safeguards include false chip architecture that generates signals, so even if you had the hardware, you have no idea what part of the chip is the real component. It makes sense that they try and crack the security from that side.
Lots of busy nights at places like G&D and Namitech over the next few weeks.
 

azbob

Honorary Master
Joined
Nov 18, 2008
Messages
34,142
Is this like those free simcards Valentine provided?
 

whatnot

Well-Known Member
Joined
Jan 9, 2015
Messages
394
would have facilitated eavesdropping on much of the world’s voice and data mobile networks
...
would technically enable the agencies to monitor mobile communications

That's it. We're ****ed. It is clear that all my super serial phone calls have been taped by the NSA.

So long ppl, I'm gonna go live in a cave in Siberia or something.
 

whatnot

Well-Known Member
Joined
Jan 9, 2015
Messages
394
Gemalto is also the company that will supply us with our new super secure ID cards.

So we might be getting IDs that are already compromised.
So what kinda info is there in my ID book/card that isn't already known to the government since the day of my birth?
 

Compton_effect

Honorary Master
Joined
Sep 7, 2006
Messages
12,293
A friend in that industry sent me this in reply

Essentially they have hacked GTO to get all the OTA keys needed to securely communicate directly with the SIM; using this they can read SMs stored on the SIM and install applets to the SIM that can then be used to report location etc.
They also hacked MNOs: firstly the billing system, to zero-rate their SMs OTA commands to the SIM cards, and secondly the HLR, to get the authentication keys needed to encrypt the radio interface. This opens access to read the SMs and listen to voice in real time...

Remember that scene in Person of Interest where the guy clones a phone so he can listen to its calls? That's basically what they did.
 

SauRoNZA

Honorary Master
Joined
Jul 6, 2010
Messages
40,461
I'm pretty sure this data only gives them access to information physically stored on the SIM card and only if they have physical access to it.
 

Ricard

Expert Member
Joined
Jul 6, 2007
Messages
2,803
The more stories that come from Snowden the more I am convinced it's a setup. I know how SIM cards work and stealing the code for the SIM card won't help you jack - ****.

Every sim card has a master key and they are unique. The feds will need to get every key from the makers for any use to be had.

I say it's bollocks
 

Compton_effect

Honorary Master
Joined
Sep 7, 2006
Messages
12,293
The more stories that come from Snowden the more I am convinced it's a setup. I know how SIM cards work and stealing the code for the SIM card won't help you jack - ****.

Every sim card has a master key and they are unique. The feds will need to get every key from the makers for any use to be had.

I say it's bollocks

Not according to a SIM Card engineer I know. This is nasty.
 

Sonic2k

Executive Member
Joined
Feb 7, 2011
Messages
7,641
The more stories that come from Snowden the more I am convinced it's a setup. I know how SIM cards work and stealing the code for the SIM card won't help you jack - ****.

Every sim card has a master key and they are unique. The feds will need to get every key from the makers for any use to be had.

I say it's bollocks

Basically, if it is confirmed, they stole the Kp values which are the encryption keys for a given, known card of known ICCID.

This basically means it is possible to not only clone a SIM but to decrypt the communications sent by the handset, thereby bypassing network red tape and by building the scanner. Normally the network knows what the Kp is for a given card of given ICCID.

If I, for example, was given the Kp of my own personal SIM, I would easily be able to make a clone.


For those of you who know what OpenBTS is, you will know that not even the developers can get the Kp of a given card, and therefore use the option of no encryption with OpenBTS.

Now the big thing that worries me is this... WHO THE EFF do these governments think they are?
Those of you that are pro-America, and pro Great Britain really need to ask yourself that question, do you really want to live in a country that has no scruples to commit a highly illegal act to enable it getting its jollies off by spying on every citizen in the world?

I tell you, George Orwell's novel is becoming a reality every day.
Too many disturbing news stories about the NSA have made me decide to terminate my cellphone as of today.
As for the hard disk hack, I am busy jerry-rigging something to dump the firmware from all my drives to see what, if any, malware, lurks there.
 
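Added example, not part of any post in this thread: a toy GSM-style challenge-response showing why secrecy of the per-card key (the post's "Kp"; GSM specifications call it Ki) is the whole defence. The `a3a8` function is an HMAC stand-in, not the operator algorithm, and the ICCID and key values are constructed; keying the operator's table by ICCID follows the post and is a simplification.

```python
import hashlib
import hmac
import os

def a3a8(key, rand):
    """Stand-in for the operator's A3/A8 (assumption: HMAC-SHA256, not the
    real algorithm). Returns (SRES, Kc): 4-byte response, 8-byte session key."""
    digest = hmac.new(key, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]

class Network:
    """Operator side: holds a copy of every card's key."""
    def __init__(self, keys_by_iccid):
        self.keys = keys_by_iccid

    def challenge(self):
        return os.urandom(16)  # RAND travels over the air unencrypted

    def verify(self, iccid, rand, sres):
        expected, kc = a3a8(self.keys[iccid], rand)
        return kc if hmac.compare_digest(sres, expected) else None

class Sim:
    """Card side: the key never leaves the card, only SRES does."""
    def __init__(self, iccid, key):
        self.iccid, self._key = iccid, key

    def respond(self, rand):
        return a3a8(self._key, rand)

def run_exchange():
    iccid = "8900000000000000001"                            # constructed
    key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed
    net, sim = Network({iccid: key}), Sim(iccid, key)

    rand = net.challenge()
    sres, sim_kc = sim.respond(rand)
    net_kc = net.verify(iccid, rand, sres)

    # A copy of the key taken at personalisation plus the public RAND gives
    # the same session key; nothing on the air interface reveals the copy.
    _, key_holder_kc = a3a8(key, rand)
    # Without the key, observing RAND and SRES alone does not give Kc.
    _, outsider_kc = a3a8(os.urandom(16), rand)
    return {"sim_kc": sim_kc, "network_kc": net_kc,
            "key_holder_kc": key_holder_kc, "outsider_kc": outsider_kc}

if __name__ == "__main__":
    for name, kc in run_exchange().items():
        print(f"{name:14} {kc.hex()}")
```

Because the card and the network cannot tell a third copy of the key exists, the mitigation has to sit at key generation, transfer and storage between card maker and operator.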

Compton_effect

Honorary Master
Joined
Sep 7, 2006
Messages
12,293
Worrying. My buddy in that industry just received a company-wide gag order. They are not allowed to discuss this with anyone.
And Gemalto's stock has already fallen 8%

And Koosi - Please let me know what you find.
 

Vis1/0N

Expert Member
Joined
Mar 10, 2009
Messages
2,188
Those of you that are pro-America, and pro Great Britain really need to ask yourself that question, do you really want to live in a country that has no scruples to commit a highly illegal act to enable it getting its jollies off by spying on every citizen in the world?

Think about the children. If you have nothing to hide then you have nothing to fear. You are letting the terrorists win. God bless America.

So please get back your phone they need to protect you at all costs even though the annual risk to you is way less than 1 in a million and the collateral risk will actually be more.
 