SIM Cards Still Safe Unless You Use 2G

by Paul Davies, February 25, 2015

Gemalto Claim SIM Cards Still Safe After NSA Hack – Unless You Use 2G

When global giant Gemalto came out earlier this week and said it believed the NSA and GCHQ had made at least two attempts to hack into its network and steal vital encryption keys, it insisted that mobile data transfer was still intrinsically secure. However, following a more in-depth report released this morning, it may be that many mobile users should still be concerned.

Who are Gemalto?

Based in Amsterdam, Gemalto are the largest SIM card producer in the world. With products covering mobile phone SIM cards, as well as encrypted banking cards and passport chips, security in their production methods is absolutely vital for the private transfer of mobile data across the world.

And with more than 2 billion SIM cards produced every year, if you have at least one mobile device in your home, you probably use a Gemalto product.

The History of the Attack

Following yet more revelations from Edward Snowden, it was alleged that both American and British intelligence agencies have been attempting to penetrate the Gemalto network for some time in order to gain access to mobile communication across the world.

And though Gemalto initially denied all knowledge of these attacks, on Monday the company released a statement confirming that there have been at least two instances of network penetration that they believe could have been caused by either US or British spying agencies.

It has come to light that in June 2010, a third party attempted to gain access to the office network of a French-based site within Gemalto. But as soon as the breach was identified, the threat was removed.

And then again in 2011, malware was sent into the company via a fake email account purporting to be from a legitimate Gemalto source, in order to penetrate their security protocols.

It has also been claimed that attempts had been made to access several employee laptops directly with the intention of extracting vital information.

And though Gemalto have been unable to prove categorically that the perpetrator originated from within an international government agency, all evidence does seem to suggest that this is the case.

The After Effect

After assuring the public, and their international corporate clients, that all Gemalto products remain secure, the actual extent of the intrusion is still very much unknown.

Though Gemalto have claimed that there has been no ‘massive theft of SIM encryption keys’ they have not actually come out and stated just how many keys have been stolen. And though the company stated that it would be impossible to gain access to mobile data on 3G or 4G networks with such data, this does leave 2G network users very much involved.

Who Still Uses 2G?

Though most of us will assume our mobile devices now use either a 3G or 4G signal, the 2G system is still in operation in the UK and across the world.

In the UK alone, AT&T estimated in 2012 that 12% of their customer base still used the 2G network on a continuous basis, and in more developing countries, the SIM cards themselves are still very much in operation.

In the past, 2G has been seen as the most reliable network, and though most mobile phone producers have stopped making 2G phones, the second-hand market for such devices in some regions is still active.

How Important Are These Revelations?

The revelations made by Gemalto this week are likely to have far-reaching effects across the mobile and data transfer industry.

Though Gemalto have been quick to confirm that it is ‘business as usual’, key global clients are already starting to carry out their own investigations into the viability of using such security devices in the future.

In Australia, Vodafone, Telstra and Optus have all confirmed that they use Gemalto SIM cards within their products and are now looking to understand the implications of the allegations that have been made. And until there is greater information on the extent of the hacks and exactly what the implications will be to worldwide data security, the level of damage caused by these latest reports cannot be fully assessed.

What You Can Do To Protect Yourself

The first consideration for any mobile user has to be what kind of mobile network you are operating on. If you are reliant on 2G then now is probably the time to consider an upgrade.

As with all online devices, a key way to maintain your security is to keep your software and hardware up to date with the latest technology and ensure you have as much protection as possible at all times. However, for many business practices, it won’t be as simple as just upgrading handsets.

The amount of business information that still depends on 2G data transfer is significant and therefore further investigation is required to see what weaknesses such a violation has caused. Ultimately, if the NSA have been able to infiltrate security protocols then others will be looking to do the same. And without a thorough audit of your online security protocols, it will not be possible to understand where the weaknesses are.

Furthermore, make sure your mobile devices are as protected from online attack as your stationary devices are.

A high-quality product from Easy-Hide VPN will not only provide your static computers with online defence, but it can also cover transportable devices and mobile phones. This will hide IP addresses and keep your online activity separate from your physical identity.

The Future for Gemalto

Gemalto have confirmed that all security breaches occurring within the time period stated were limited to the outer levels of their network, and therefore did not penetrate the core areas that process SIM activity.

Furthermore, they have stated that some of the claims of widespread key theft made by countries such as Somalia and Pakistan are completely false, disputing that the organisation even supplied such services to the companies named. However, until Gemalto come out and specify exactly what encryption keys have been stolen and what countries have been affected, the question mark hanging over this company’s security is not going to go away any time soon.