Telstra, Optus + Vodafone SIM Cards Hacked, Millions Face Recall
The agencies which included the NSA in the USA and Britain’s Government Communication Headquarters (GCHQ), hacked into Gemalto’s IT systems to obtain the encryption keys of SIM cards it manufactured, giving them access to personal content stored on SIMs, such as data, text and even listening in on phone calls.
More than 20 million Gem alto SIM cards are believed to be in circulation in Australia.
SmartHouse has been told that both agencies also supplied commercially sensitive trading information to Government trade organisations trying to win contracts for British and US Companies.
Neither intelligent agencies obtained warrants to hack into the SIM card data.
The online publication, which is dedicated to reporting on documents leaked by former National Security Administration (NSA) whistle-blower Edward Snowden, published claims that the NSA, along with Britain’s Government Communication Headquarters (GCHQ), hacked into Gemalto’s IT systems.
Now Telstra, Optus and Vodafone are trying to work out whether they will have to recall over 20 million SIM cards in Australia.
Australia’s three major Telco’s confirmed to Fairfax Media on Monday they each sold SIM cards produced by the hacked Dutch company Gem alto, as well as SIMs manufactured by other companies.
Fairfax said that none was forthcoming on whether or not they would issue replacement SIMs to customers in the event of them being affected by the hack, pending further advice from Gem alto and authorities as they carried out their investigations.
The keys allow the security services to decrypt voice communications sent between a mobile phone and a mobile mast, which carries the call to the recipient. To pick up the call they can use an aerial placed in the vicinity of the caller. They will have to be relatively close to the mobile phone user, but an aerial could be placed anywhere and would not have to be visible.
Observers claim that the intelligence services would have breached Dutch law. If the keys are used to listen into conversations, it is likely to be a violation of data protection laws in most countries.
The UK Guardian said that the revelations of the hack come from the NSA files supplied by Edward Snowden and reported on by Glen Greenwald’s The Intercept. The files reveal the extent of the breach and that Gem alto was targeted by the Mobile Handset Exploitation Team (MHET), a unit formed by the NSA and GCHQ in April 2010 to target vulnerabilities in mobile phones.