When word of a savvy hack conducted by agents of two intelligence agencies against SIM maker Gemalto broke yesterday, company representatives seemed to be caught completely off-guard. Now, with egg on its face and a security backlash in the offing, Gemalto’s publicly pledging to look into The Intercept’s scary allegations.
“We cannot at this early stage verify the findings of the publication and had no prior knowledge that these agencies were conducting this operation,” the company’s statement reads. “We take this publication very seriously and will devote all resources necessary to fully investigate and understand the scope of such sophisticated techniques.”
It was only a matter of time before Gemalto decided to get to the bottom of things, but plenty of damage has already been done. Starting in 2010, a group of agents from the NSA and Britain’s Government Communications Headquarters kicked off a subtle cyberattack against Gemalto (and some of its biggest SIM-making rivals) in a bid to find the encryption keys that keep our mobile communications secure. Normally, those keys are only stored in two places: right on your phone’s SIM card and in a data center controlled by your wireless carrier, which means they’re out of reach to intelligence agencies unless they go through the hassle of getting strong legal justification to obtain them.