SIM maker plays down hack claims

Gemalto, the world’s largest maker of mobile SIM cards, said a preliminary company probe of sophisticated attacks against it in 2010 and 2011 showed British and US intelligence services “probably” hacked into its office networks.

Thu, 26 Feb, 2015 - 00:00

It said the suspected attacks by the US National Security Agency and Britain’s Government Communications Headquarters “probably happened”, but said the intrusions “only breached its office networks” and “could not have resulted in a massive theft of SIM encryption keys”.

The Franco-Dutch firm was responding to a report by investigative news site The Intercept, which last week published documents it said showed that US and British spies hacked into Gemalto, potentially allowing them to monitor the calls, texts, and emails of billions of mobile users around the world.

Gemalto said the spy operation aimed to intercept the encryption codes needed to unlock security SIMs while the modules were shipped from its production facilities to mobile network operators worldwide.

However, the company argued that the break-ins were limited to rare exceptions, that they were likely to only have affected older model phones that are widely used in emerging markets, and that other Gemalto products for secure financial payments were unaffected.

“By 2010, Gemalto had already widely deployed a secure transfer system with its customers and only rare exceptions to this scheme could have led to theft,” it said.