SIM card manufacturer Gemalto has responded to claims made last night that its security was compromised and that the encryption keys of millions of SIM cards were stolen by British security service GCHQ.
In a statement, Gemalto has pointed out that a number of SIM card makers were targeted by GCHQ in its attempt to compromise mobile communications around the world.
The company admitted, however, that it failed to detect the security breaches –which leaked documents indicate occurred in 2010 and 2011, but may have continued until the present – and that it has only just opened an investigation to find out how the breach occurred and the extent of the thefts.
“The target was not Gemalto per se. It was an attempt to try to cast the widest net possible to reach as many mobile phones as possible, with the aim to monitor mobile communications without mobile network operators’ and users’ consent. We cannot at this early stage verify the findings of the publication and had no prior knowledge that these agencies were conducting this operation,” claimed the company in its statement.
It added: “Gemalto, the world leader in digital security, is especially vigilant against malicious hackers, and has detected, logged and mitigated many types of attempts over the years. At present we cannot prove a link between those past attempts and what was reported yesterday.
“We take this publication very seriously and will devote all resources necessary to fully investigate and understand the scope of such sophisticated techniques.”
The attack by GCHQ against SIM card manufacturers, which leaked documents appear to show were successful against Gemalto, may have ended up compromising the security of mobile phones used across Europe – including the UK networks of Vodafone, O2, EE and possibly Three UK.
Computing is awaiting confirmation from those companies about who supplies its SIM cards.