World’s largest SIM maker hacked, customers monitored

Gemalto is also the company that will supply us with our new super secure ID cards.
Gemalto (Euronext NL0000400653 GTO, the world leader in digital security, will supply the Government Printing Works (GPW) of South Africa with Sealys eID cards for their national identity program. GPW will harness Gemalto’s secure embedded software to protect the holder’s image and biometric data within the secure identity e-document, delivering outstanding levels of integrity and privacy. Moreover, GPW selected the high-end Sealys document fitted with the contactless feature, ensuring added levels of convenience with unrivaled security for citizens.

Designed to modernize and replace South Africa’s traditional, paper-based ‘green book’ identity documentation, the new Sealys eID card will be offered by the Department for Home Affairs (DHA) to citizens aged 16 and over. The South African government embarked on this service program to improve confidence in official identity credentials and to prepare for the deployment of a comprehensive suite of efficient and convenient eGovernment services.
So we might be getting IDs that are already compromised.
 
Gemalto is also the company that will supply us with our new super secure ID cards.

So we might be getting IDs that are already compromised.

Those chips used in those cards are something else. The safeguards include false chip architecture that generates signals, so even if you had the hardware, you have no idea what part of the chip is the real component. It makes sense that they try and crack the security from that side.
Lots of busy nights at places like G&D and Namitech over the next few weeks.
 
would have facilitated eavesdropping on much of the world’s voice and data mobile networks
...
would technically enable the agencies to monitor mobile communications

That's it. We're ****ed. It is clear that all my super serial phone calls have been taped by the NSA.

So long ppl, I'm gonna go live in a cave in siberia or something.
 
Gemalto is also the company that will supply us with our new super secure ID cards.

So we might be getting IDs that are already compromised.
So what kinda info is there in my ID book/card that isn't already known to the government since the day of my birth ?
 
A friend in that industry sent me this in reply

Essentially they have hacked GTO to get all the OTA keys needed to securely communicate directly with the SIM, using this they can read SMs stored on the SIM and install applets to the SIM that can then be used to report location etc.
They also hacked MNO's firstly the billing system to zero rate thier SMs OTA commands to the SIM cards and secondly the HLR to get the authentication keys needed to encrypt the radio interface, this opens access to read the SMs and listen to voice real time...

Remember that scene in Person of Interest where the guy clones a phone so he can listen at its calls? That's basically what they did.
 
I'm pretty sure this data only gives them access to information physically stored on the SIM card and only if they have physical access to it.
 
The more stories that come from Snowdon the more I am convinced it's a setup. I know how sim cards work and stealing the code for the aim card won't help you jack - ****.

Every sim card has a master key and they are unique. The feds will need to get every key from the makers for any use to be had.

I say it's bollocks
 
The more stories that come from Snowdon the more I am convinced it's a setup. I know how sim cards work and stealing the code for the aim card won't help you jack - ****.

Every sim card has a master key and they are unique. The feds will need to get every key from the makers for any use to be had.

I say it's bollocks

Not according to a SIM Card engineer I know. This is nasty.
 
The more stories that come from Snowdon the more I am convinced it's a setup. I know how sim cards work and stealing the code for the aim card won't help you jack - ****.

Every sim card has a master key and they are unique. The feds will need to get every key from the makers for any use to be had.

I say it's bollocks

Basically, if it is confirmed, they stole the Kp values which are the encryption keys for a given, known card of known ICCID.

This basically means it is possible to not only clone a SIM but to decrypt the communications sent by the handset, thereby bypassing network red tape and by building the scanner. Normally the network knows what the Kp is for a given card of given ICCID.

If I, for example was given the Kp of my own personal SIM, I would easily be able to make a clone.


For those of you who know what OpenBTS is, you will know that not even the developers can get the Kp of a given card, and therefore use the option of no encryption with OpenBTS.

Now the big thing that worries me is this... WHO THE EFF do these governments think they are?
Those of you that are pro-america, and pro Great Britian really need to ask yourself that question, do you really want to live in a country that has no scruples to commit a highly illegal act to enable it getting its jollies off by spying on every citizen in the world?

I tell you, George Orwell's novel is becoming a reality every day.
Too many disturbing news stories about the NSA have made me decide to terminate my cellphone as of today.
As for the hard disk hack, I am busy jerry-rigging something to dump the firmware from all my drives to see what, if any, malware, lurks there.
 
Once you get you jerry rigged share the software so i can do the same to my drives.
 
Those of you that are pro-america, and pro Great Britian really need to ask yourself that question, do you really want to live in a country that has no scruples to commit a highly illegal act to enable it getting its jollies off by spying on every citizen in the world?

Think about the children. If you have nothing to hide then you have nothing to fear. You are letting the terrorists win. God bless America.

So please get back your phone they need to protect you at all costs even though the annual risk to you is way less than 1 in a million and the collateral risk will actually be more.
 
Top
Sign up to the MyBroadband newsletter