Each passing leak from former National Security Agency (NSA) contractor Edward Snowden seems to paint a darker picture of the state of privacy and data security in the United States, and the world at large. At this point we’ve heard about mass surveillance of nude Webcam chats, the NSA tapping international leaders’ phones, mass metadata collection, spies pretending to be Facebook to infect computers, and countless other programs. Now, an even more frightening Snowden leak has appeared on the Intercept.
The NSA and GCHQ have had access to the vast majority of cell phone communications around the world since 2010.
Updated on 02-25-2015 by Malarie Gokey: Added statement from Gemalto, acknowledging that its systems were targeted by unknown hackers. The report also denies that the hackers were successful in spying on users through Gemalto’s SIM cards.
In other words, the NSA and GCHQ have had access to the vast majority of cell phone communications (even encrypted communication) around the world since 2010. They’ve listened to your phone calls; they’ve read your texts; and they’ve almost certainly monitored the websites you’ve visited on your mobile devices.
To make matters worse, the same hacked company that makes SIM cards also makes the chips that are embedded into your next-generation credit cards and next-generation passports.
Here’s everything you need to know about how these agencies pulled off this massive hack without anyone noticing, who they targeted, and how to protect yourself from surveillance.
How does the security of a SIM card work?
Every single text sent, call made, and website accessed on a mobile device is secured via an encrypted connection between the SIM card that’s installed on the device and the wireless carrier’s network. Important information such as your phone number, text messages, and other personal content is often stored on the SIM itself, so that the carrier can identify and distinguish your phone from all the others on its network. The keys for the encryption of all your most personal data are stored on the SIM card itself and given to the wireless network. SIMs play the same function as social security numbers — They identify their users. SIMs were never intended to be used to secure information, but that’s exactly what they have become.
When a SIM card is manufactured, an encryption key called the “Ki,” is burned onto the chip. The SIM card manufacturer gives the same Ki to the wireless network, so they can identify that particular phone. Before the phone can connect to the wireless carrier’s network, it uses the Ki on the SIM to authenticate its identity with the carrier. The phone gives what’s called a “handshake” to confirm that the Ki on the SIM is identical to the one the carrier has on file. Once the Ki have matched up, all communication between the phone and the network is encrypted, including calls, texts, and Internet access.
Supposing the GCHQ or NSA tried to intercept your phone’s signal as it moved through the air, any data the agencies picked up would be encrypted, and therefore useless to them. They’d have to decrypt it, which takes a lot of time and money, making it impossible to surveil on a mass scale. The only way for these agencies to access millions of peoples’ data all at once was to steal the encryption keys to millions of SIM cards, and that’s just what the NSA and GCHQ did.
How did the NSA and GCHQ intercept the encryption keys?
To understand how the NSA and GCHQ intercepted the encryption keys, it’s important to understand who provides and encrypts the SIM cards in the first place.
The U.S. and U.K. governments stole the encryption keys from the company that makes around 2 billion SIM cards a year.
Gemalto also happens to be the SIM card manufacturer that the NSA and GCHQ hacked.
GCHQ hackers didn’t break into Gemalto in person — They did it remotely remotely through the company’s computer network to steal the encryption keys for massive numbers of SIM cards all at once, as they were on their way to the carriers. The hackers were able to collect the keys in bulk thanks to the very insecure way Gemalto sent the keys to carriers. Gemalto sent the master key files to carriers over email or through File Transfer Protocol (FTP). Sometimes no encryption was used to protect the keys at all, making them easy pickings for the hackers.
The agencies used the NSA’s X-Keyscore program to access private email and Facebook accounts of engineers, employees of major telecom companies, SIM card manufacturers, and people from Yahoo and Google in search of the keys. Specific companies and employees were targeted, based on how many keys they could provide. By 2010, the GCHQ had figured out a way to maximize the number of keys stolen in one shot to frightening levels. It all escalated very quickly.
“In one two-week period, the team accessed the emails of 130 people associated with wireless network providers or SIM card manufacturing and personalization. This operation produced nearly 8,000 keys matched to specific phones in 10 countries,” the Intercept writes. “In another two-week period, by mining just six email addresses, they produced 85,000 keys. At one point in March 2010, GCHQ intercepted nearly 100,000 keys for mobile phone users in Somalia. By June, they’d compiled 300,000 … A top-secret NSA document asserted that, as of 2009, the U.S. spy agency already had the capacity to process between 12 and 22 million keys per second for later use against surveillance targets.”
Privacy and security experts told the Intercept that stealing these SIM card encryption keys is “tantamount to a thief obtaining the master ring of a building superintendent who holds the keys to every apartment.”
Christopher Soghoian, the principal technologist for the American Civil Liberties Union, explained that not only can the agencies use the keys to access future communications, they can look back at older ones, too.
“Key theft enables the bulk, low-risk surveillance of encrypted communications,” Soghoian said. “Agencies can collect all the communications and then look through them later. With the keys, they can decrypt whatever they want, whenever they want. It’s like a time machine, enabling the surveillance of communications that occurred before someone was even a target.”
For its own part, Gemalto is investigating the claims and is severely disturbed by the idea that its secure technology is being used to spy on innocent people. The company issued a statement on its website, which says. “We take this publication very seriously and will devote all resources necessary to fully investigate and understand the scope of such sophisticated techniques. ”
What does the SIM card maker say about the hack?
SIM card maker Gemalto is currently investigating the hack, but it says the preliminary results indicate that its SIM products like banking cards, passports, and “other products” are secure. The company did not initially note whether or not its SIM cards that were built for mobile phones are safe or not. However, its follow up statement on February 25 confirms that although hackers targeted its system aggressively during the dates mentioned in the Snowden leaks, the hackers were not successful in their attempts to infiltrate Gemalto’s SIM cards. As such, the SIM card maker claims that the NSA and GCHQ cannot spy on users’ communications through the Gemalto SIM cards on their phones.
The company referred to two specific attacks on its network:
- June 2010: Found evidence that a third party was trying to spy on the office network of one of the company’s French sites. The office network is typically used by employees to communicate with each other and people outside of the company. Gemalto took action to stop the spying quickly.
- July 2010: Hackers sent emails to one of Gemalto’s mobile operator customers using fake Gemalto email addresses, pretending to be employees of the SIM card maker. The fake emails came with an attachment that could download malicious code. Gemalto told its customer of the attack and alerted the authorities, as well.
- 2010: Gemalto discovered several attempts to access its employees’ PCs, especially those who often spoke with customers like mobile service providers and so on.
“At the time we were unable to identify the perpetrators but we now think that they could be related to the NSA and GCHQ operation,” Gemalto stated. “These intrusions only affected the outer parts of our networks — our office networks — which are in contact with the outside world. The SIM encryption keys and other customer data in general, are not stored on these networks. It is important to understand that our network architecture is designed like a cross between an onion and an orange; it has multiple layers and segments which help to cluster and isolate data.”
In conclusion, Gemalto believes that although its network was definitely targeted and even infiltrated to some extent, its SIM cards are safe and no encryption keys were stolen by either agency. The company stated that it had already enacted stronger security measures to protect its networks — especially those in Pakistan, which were targeted more heavily — before the hacks even occurred.
“While the intrusions described above were serious, sophisticated attacks, nothing was detected in other parts of our network,” Gemalto said in a statement. “No breaches were found in the infrastructure running our SIM activity or in other parts of the secure network which manage our other products such as banking cards, ID cards or electronic passports. Each of these networks is isolated from one another and they are not connected to external networks.”
Gemalto explained that while SIM cards used on 2G networks could easily be hacked, those of 3G and 4G networks could not have been infiltrated. As such, the NSA and GCHQ’s main targets in Africa, the Middle East, and parts of Asia may have been spied on via their SIM cards, assuming they were on 2G networks. Meanwhile, the U.S. and Europe, which mainly use 3G or 4G networks, would have been safe.
“If someone intercepted the encryption keys used in 3G or 4G SIMs they would not be able to connect to the networks and consequently would be unable to spy on communications. Therefore, 3G and 4G cards could not be affected by the described attack,” Gemalto stated. “However, though backward compatible with 2G, these newer products are not used everywhere around the world as they are a bit more expensive and sometimes operators base their purchasing decision on price alone.”
Additionally, Gemalto says it never sold SIM cards to four of the 12 carriers listed in the leaked documents, one of which was the Somali carrier that reportedly had 300,000 keys stolen. The SIM card maker also didn’t have SIM card personalization centers in Japan, Colombia, and Italy. during the time of the hacks. To further reassure its customers and mobile users around the world, Gemalto reiterated the security standards its SIM cards are expected to meet and stated that third-party security experts even vet its products before they reach customers.
You can read the company’s full report on its website.
What are carriers doing about the hack?
Although Gemalto claims that there is nothing to worry about, mobile carriers around the world are investigating the security of SIM cards from Gemalto on their own. According to the Daily Mail, Australian carriers Optus and Telstra are already investigating the situation, and may even consider a mass recall of SIM cards from Gemalto if the results hint that its users’ SIM cards are vulnerable. Both carriers said they are in communication with Gemalto and are awaiting further news before taking any drastic steps.
Vodafone, a network that operates in Europe, Africa, Asia, Australia, and elsewhere confirmed that it, too, is investigating the SIM card hack claims. Meanwhile, Japanese carrier NTT DoCoMo’s spokesman Takashi Itou told Reuters that the carrier “will consider any necessary steps based on the results of our investigation,” but didn’t say whether it would issue a recall.
As of yet, no American carrier has commented on the SIM card hack allegations.
Are my phone and credit cards safe?
It’s unclear exactly how many SIM cards the NSA and GCHQ have the encryption keys for. However, based on the staggering number of keys collected in the short span of time documented in Snowden’s leaks, it’s more than likely that many of the phones around the world hold SIM cards that have been infiltrated by these agencies. Of course, unless you’re a lawbreaker or a suspect in some terrible crime, the agencies are probably not actively looking at all your data. That said, they can access it at any time if they have your SIM card’s key, which is incredibly disconcerting.
When it comes to your credit card, it’s unclear whether the NSA or GCHQ will access those keys, or what they will do with them if they did. Theoretically, they could perhaps track your purchase history though them, but nobody knows if they are doing that. The Intercept article and the documents it references don’t mention the implications of the credit card chips provided by Gemalto. However, the passport chips made by Gemalto are not encrypted by Gemalto, but rather by the passport office, so those, at least, might be safe from surveillance.
What can I do to protect myself?
You can always use secure apps for email and messaging that use “Transport Layer Security (TLS), the mechanism underlying the secure HTTPS Web protocol.” Email apps that come standard on Android phones and iPhones support TLS, and so do Yahoo and Google, so if you’re emailing over those apps, you’ll have some degree of protection from SIM-key-enabled surveillance. Messaging apps like TextSecure and Silent Text are also secure for texting, while Signal, RedPhone, and Silent Phone will encrypt your calls.
Of course, if the government identifies you as a target, they can still directly target those communications and work to decrypt your data.
“We need to stop assuming that the phone companies will provide us with a secure method of making calls or exchanging text messages,” says the ACLU’s Soghoian.
Beyond using encrypted apps, you can’t really do much yet, other than email your government representatives and fight to shut down NSA programs like this one and the others revealed by Snowden.
However, there is a lot that companies can do to protect themselves and their users. A new form of encryption called Perfect Forward Security (PFS) was designed specifically to protect users from the worst parts of SIM-key-enabled surveillance. PFS is built into many Web browsers, Google, and Twitter. The system generates a unique encryption key for every call, text, and piece of data. That key is later discarded and not reused. Since the new keys can be created very minute, hour, or day, there’s no backlog of communications for spies to look back on retrospectively. They only gain access to that one kernel of information from that one key.
“Because cellphone communications do not utilize PFS, if an intelligence agency has been “passively” intercepting someone’s communications for a year and later acquires the permanent encryption key, it can go back and decrypt all of those communications,” the Intercept explains, adding that, “If mobile phone networks were using PFS, that would not be possible — even if the permanent keys were later stolen.”
Unfortunately, carriers and other technology companies have yet to adopt this approach. As such, anyone whose SIM encryption key has been stolen is now vulnerable to the NSA and GCHQ’s surveillance.
For more info, check out the Intercept’s article and the documents that accompany it.