After conducting the investigation, the chip manufacturer acknowledges having been the victim of attacks. But, he said, the risk of interception was reduced.
This morning, Gemalto announced the findings of its investigation into the alleged theft of encryption keys of its SIM cards by the NSA and the British secret service. Facts that date back to 2010 and 2011. In a lengthy press release, the chip maker returned item by item on the contents of the article published by The Intercept last week.
“If we look back over the period covered by the documents of the NSA and GCHQ published, we confirm having faced several attacks. In 2010 and 2011 specifically, we detected two particularly sophisticated attacks that could be linked to this operation, “confirms Gemalto. According to the group, these attacks have targeted his office networks, specifically the Gemalto employees computers that have regular contact with customers.
Part of the information storing encryption keys system would not have been affected. As for the risk of key interception during the exchange with customers, “he was greatly reduced by the spread of highly secure exchange process in place well before 2010″ Gemalto note. In 2010, however, notes the manufacturer “these methods were not widespread, and some operators or suppliers do not want to use them.” However, the manufacturer claims that these cases were exceptional and did not also relate to all the countries mentioned by The Intercept (to namely: Afghanistan, Yemen, India, Serbia, Iran, Iceland, Somalia, Pakistan and Tajikistan) .
Gemalto also advanced some inconsistencies in the survey The Intercept. It shows in particular that of the operators twelve cities, four of them have never purchased their SIM cards.
Finally, 3G and 4G cards would not be involved in the case. But “in 2010-2011, most of the countries of the operators still using 2G networks. If the SIM card encryption keys were 2G intercepted by the intelligence services, they were technically possible to spy on communications when the card was used in the mobile phone subscriber “ says Gemalto. Much more robust and secure, 3G and 4G networks would do for their not vulnerable to this type of attack
Read also:.
No comments:
Post a Comment