Dutch SIM card manufacturer Gemalto has published the findings of its internal investigation into the alleged hacking of SIM card encryption keys by GCHQ and NSA.
Gemalto admitted that it had detected sophisticated intrusions in 2010 and 2011, but that they only “breached its office networks” and that they "could not have resulted in a massive theft of SIM encryption keys".
The statement also pointed out that they had never sold SIM cards to “four of the twelve operators listed in the documents, in particular to the Somali carrier where a reported 300,000 keys were stolen.”
Even if the keys were stolen, Gemalto also maintained that intelligence services would only be able to spy on 2G mobile networks, as 3G and 4G connections aren’t susceptible to such attacks.
“By 2010, Gemalto had already widely deployed a secure transfer system with its customers and only rare exceptions to this scheme could have led to theft”, the statement said.
Gemalto’s statement was in response to a report last week published by The Intercept, which claimed that the GHHQ and NSA could seamlessly eavesdrop on mobile phones worldwide. The claims were backed by documents provided to the publication by NSA whistleblower Edward Snowden.