In a new report on some of the confidential documents leaked by former NSA contractor Edward Snowden, The Intercept wrote that operatives from both the National Security Administration (NSA) and the British Government Communications Headquarters (GCHQ) joined forces in April 2010 to crack mobile phone encryption. The Mobile Handset Exploitation Team (MHET) succeeded in stealing untold numbers of encryption keys from SIM card makers and mobile networks, specifically Dutch SIM card maker Gemalto, one of the largest SIM manufacturers in the world. Gemalto produces 2 billion SIM cards a year, which are used all over the world.
Although the SIM card in a cell phone was originally used to verify billing to mobile phone users, today a SIM also stores the encryption keys that protect a user’s voice, text, and data-based communications and make them difficult for spies to listen in on. The mobile carrier holds the corresponding key that allows the phone to connect to the mobile carrier’s network. Each SIM card is manufactured with an encryption key (called a “Ki”) that is physically burned into the chip. When you go to use the phone, it “conducts a secret ‘handshake’ that validates that the Ki on the SIM matches the Ki held by the mobile company,” The Intercept explains. “Once that happens, the communications between the phone and the network are encrypted.”
Using a fake cell tower and holding SIM encryption keys, spies are able to listen into conversations over mobile networks without asking the courts for permission for a wiretap. The method is also difficult to trace, so risk of discovery is low.
Read 5 remaining paragraphs | Comments

Leave a Reply