Gemalto deny they were specifically targeted in UK USA spy SIM hack

Gemalto has said that it especially vigilant against malicious hackers and is unable to prove a link between past hacking attempts and what has been recently reported.

In a statement, the SIM card manufacturer said that reports were incorrect that attacks were targeted at Gemalto, and instead efforts were made “to try and cast the widest net possible to reach as many mobile phones as possible”.

It said it was unable to verify findings, as it had no prior knowledge that intelligence agencies were conducting this operation.

“Gemalto, the world leader in digital security, is especially vigilant against malicious hackers, and has detected, logged and mitigated many types of attempts over the years,” it said.

“We take this publication very seriously and will devote all resources necessary to fully investigate and understand the scope of such sophisticated techniques.”

In the story, which was revealed by The Intercept, it was revealed that intelligence agencies from the USA and UK hacked into the internal computer network of Gemalto to steal encryption keys used to protect the privacy of cellphone communications across the globe. Documents provided by whistleblower Edward Snowden said that the hack was enabled by a joint unit consisting of operatives from the NSA and GCHQ, and gave the surveillance agencies the potential to secretly monitor a large portion of the world’s cellular communications, including both voice and data.

Gemalto completed the acquisition of security vendor Safenet last year.

Ken Westin, senior security analyst at Tripwire, said: “The real issue here is that this appears to be done illegally with little oversight or transparency. As Governments pass laws to crack down on criminal hackers, we are learning that they in many respects are hypocrites, as such the law needs to provide protections both ways, to both protect citizens from criminal hackers, as well as our own Governments.

“This is critical not only to protect citizens, but also business, as a core component of business is trust. Mobile phone manufacturers, carriers all the way down to app developers require consumer trust in order to sell their products, as people need to know their communications are private. When the entire system is subverted it raises a lot of challenges for business moving forward.

“Mobile phone developers will need to take this latest revelation into account when they are building systems and will have to add additional layers of security into their systems to help reestablish that trust for their customers.”

The post Gemalto – We were not targeted, and devote all resources to investigate reports appeared first on IT Security Guru.