Jump to content
MCF HangOut X Lexus – 9 May 2024, Lexus Boutique ×

The Great SIM heist

Ben5266

By Ben5266,
in Lite & EZ

 Share

Recommended Posts

Ben5266

Ben5266

Supercharged

Edward Snowden again!

 

Hot topic in Europe but here... not reported.

 

 

For everybody's awareness.

Your mobile phone might not be secured. Uncle Sam might be reading your smses... [laugh]

 

 

HOW SPIES STOLE THE KEYS TO THE ENCRYPTION CASTLE

https://firstlook.org/theintercept/2015/02/19/great-sim-heist/

 

AMERICAN AND BRITISH spies hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe, according to top-secret documents provided to The Intercept by National Security Agency whistleblower Edward Snowden.

The hack was perpetrated by a joint unit consisting of operatives from the NSA and its British counterpart Government Communications Headquarters, or GCHQ. The breach, detailed in a secret 2010 GCHQdocument, gave the surveillance agencies the potential to secretly monitor a large portion of the world’s cellular communications, including both voice and data.

With these stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments. Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider’s network that the communications were intercepted. Bulk key theft additionally enables the intelligence agencies to unlock any previously encrypted communications they had already intercepted, but did not yet have the ability to decrypt.

↡ Advertisement
  • Praise 1
Link to post
Share on other sites
Jamesc

Jamesc

Hypersonic

The British secret service are well know for leaving

 

laptops with all the countries top secret information

 

on trains and losing them. I just hope they don't stop

 

those young gals from going to the middle east.

 

At least not until they get some training from me.

 

:D

 

 

  • Praise 3
Link to post
Share on other sites
Ben5266

Ben5266

Supercharged
  • Author

More serious...

 

The NSA's SIM heist could have given it the power to plant spyware on any phone

http://www.theverge.com/2015/2/24/8101585/the-nsas-sim-heist-could-have-given-it-the-power-to-plant-spyware-on

 

... But in the days since the report published, there's been concern over an even more frightening line of attack. The stolen SIM keys don't just give the NSA the power to listen in on calls, but potentially to plant spyware on any phone at any time. Once the stolen keys have bypassed the usual protections, the spyware would live on the SIM card itself, undetectable through conventional tools, able to pull data and install malicious software. If the NSA and GCHQ are pursuing that capability, it could be one of the biggest threats unearthed by Snowden so far.

 

Our earlier report focused on the Ki keys, used to encrypt traffic between the phone and the tower — but this new attack uses a different set of keys known as OTA keys, short for "over-the-air." Each SIM card gets its own OTA key, typically used to remotely install updates. Manufacturers can send a binary text message directly to the SIM card, and as long as it's signed with the proper OTA key, the card will install the attached software without question. If those keys were compromised, it would give an attacker carte blanche to install all manner of spyware. Researcher Claudio Guarnieri, who's researched the Snowden documents extensively, says the OTA keys could make the Gemalto heist the most important news to come out of the documents so far. "It's scary," Guarnieri says. "If the NSA and GCHQ have obtained a large quantity of OTA keys, we're facing the biggest threat to mobile security ever."

 

 

==========

Ok... 2G SIM card does not have OTA keys. Only 3G up, USIM card has OTA keys.... One can do a lot of things with the OTA keys.

 

 

Our IDA is still on CNY holiday? [rolleyes]

 

 

↡ Advertisement
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...