Why the NSA SIM hack might be far more serious than you think

Chris Smith

February 25, 2015 at 6:50 AM

A few days ago, a report revealed that spy agencies including the NSA and GCHQ, managed to bypass the security of SIM card manufacturer Gemalto and gain access to valuable encryption keys that protect cellphone signals. Even though Gemalto denied the reports, but The Verge points out that the hack might be more serious than initially believed, as it could give agencies the ability of infecting any phone using these specific SIM cards with additional spyware programs.

FROM EARLIER: Bombshell report reveals the NSA has stolen encryption keys for millions of SIM cards

Access to these encryption keys do not give governmental agencies only the power to monitor cellular communications, including calls and data, but they also come with additional perks, such as the power of instructing a device to install specific programs.

Spyware could be installed on the SIM card itself, and then it could be used to install additional spy apps on a phone without the user’s knowledge, or to retrieve data from it.

The NSA and GCHQ could use OTA keys — basically keys that let carriers push over-the-air updates to phones — in order to tell a phone to install a certain piece of software. OTA keys provide total access to a phone, and even allow agencies to delete any trace to suspicious OTA updates, making the spyware “completely hidden from the user,” as one security researcher has revealed.

Previous leaks have revealed certain malware apps that could take advantage of SIM exploits, allowing the NSA to grab location data through hidden SMS messages (see image below) and pull additional information including phone book, text and call logs from a device — though, at the time, the leaked presentations did not explain how the SIM malware would be delivered.

The NSA and GCHQ had full access to Gemalto’s network, last week’s report revealed, meaning they could have stolen OTA keys for later use.

News

Life

Entertainment

Finance

Sports

New on Yahoo

Why the NSA SIM hack might be far more serious than you think

Recommended Stories

The FDIC change that leaves wealthy bank depositors with less protection

Juan Soto’s unapologetic intensity and showmanship are captivating the Bronx and rubbing off on teammates: ‘Literally every pitch is theater’

Timberwolves coach Chris Finch calls Jamal Murray's heat-pack toss on court 'inexcusable and dangerous'

Dolphins owner Stephen Ross reportedly declined $10 billion for team, stadium and F1 race

Former NBA guard Darius Morris dies at 33

Report: Suns fire head coach Frank Vogel after 1st-round playoff sweep, eyeing Mike Budenholzer as replacement

2024 Fantasy Football Mock Draft, 1.0

Six quarterback situations to worry about & three that are on the precipice | Zero Blitz

Yahoo Fantasy staff's Mock Draft 1.0: Shocking picks are plentiful

Former House Speaker Paul Ryan says he’s not voting for Trump : 'Character is too important'

Ranking the best situations for the rookie quarterbacks: Start with Michael Penix in Atlanta at No. 1

Post-draft NFL fantasy power rankings: Offenses we love, like and want to stay away from

Cardinals lose C Willson Contreras after left arm fractured by J.D. Martinez's swing

Blockbuster May trade by Padres, MVP Ohtani has arrived, Willie Mays’ 93rd birthday & weekend recap

Fantasy Baseball Weekend Preview: Get ready for some offense

What's wrong with the Denver Nuggets? | Devine Intervention

Recession-proof stocks are leading the market's latest leg higher

2024 NFL Team Fantasy Football Power Rankings, 1.0

Fantasy Baseball Trade Analyzer: Buy into a pair of Astros sluggers

Nintendo finally confirms the Switch 2 is on the way