SIM maker Gemalto says no evidence of mass encryption theft

Before you go, we thought you'd like these...
20 PHOTOS
NSA, hacking, Snowden, CIA, general
See Gallery
SIM maker Gemalto says no evidence of mass encryption theft
A man crosses the Central Intelligence Agency (CIA) logo in the lobby of CIA Headquarters in Langley, Virginia, on August 14, 2008. AFP PHOTO/SAUL LOEB (Photo credit should read SAUL LOEB/AFP/Getty Images)
FILE - In this file image made from video released by WikiLeaks on Friday, Oct. 11, 2013, former National Security Agency systems analyst Edward Snowden speaks during a presentation ceremony for the Sam Adams Award in Moscow, Russia. Snowden was awarded the Sam Adams Award, according to videos released by the organization WikiLeaks. The award ceremony was attended by three previous recipients. (AP Photo, File)
The Central Intelligence Agency (CIA) logo is displayed in the lobby of CIA Headquarters in Langley, Virginia, on August 14, 2008. AFP PHOTO/SAUL LOEB (Photo credit should read SAUL LOEB/AFP/Getty Images)
WASHINGTON, DC - APRIL 02: Detail of the cufflinks of former Deputy CIA Director Michael Morell as he testifies before the House Select Intelligence Committee April 2, 2014 in Washington, DC. The committee heard testimony on the topic of 'The Benghazi Talking Points and Michael J. Morell's Role in Shaping the Administration's Narrative.' (Photo by Win McNamee/Getty Images)
WASHINGTON, DC - APRIL 02: Former Deputy CIA Director Michael Morell is sworn in prior to testimony before the House Select Intelligence Committee April 2, 2014 in Washington, DC. The committee heard testimony on the topic of 'The Benghazi Talking Points and Michael J. Morell's Role in Shaping the Administration's Narrative.' (Photo by Win McNamee/Getty Images)
A picture taken on February 25, 2015 shows the logo of Gemalto in Paris. European SIM maker Gemalto said it had suffered hacking attacks that may have been conducted by US and British intelligence agencies but denied any 'massive theft' of encryption keys that could be used to spy on conversations. AFP PHOTO KENZO TRIBOUILLARD (Photo credit should read KENZO TRIBOUILLARD/AFP/Getty Images)
Visitors gather in the Gemalto NV pavilion at the Mobile World Congress in Barcelona, Spain, on Wednesday, Feb. 27, 2013. The Mobile World Congress, where 1,500 exhibitors converge to discuss the future of wireless communication, is a global showcase for the mobile technology industry and runs from Feb. 25 through Feb. 28. Photographer: Simon Dawson/Bloomberg via Getty Images
Gemalto CEO Olivier Piou (C) arrives for a press conference on February 25, 2015 in Paris. European SIM maker Gemalto said it had suffered hacking attacks that may have been conducted by US and British intelligence agencies but denied any 'massive theft' of encryption keys that could be used to spy on conversations. AFP PHOTO KENZO TRIBOUILLARD (Photo credit should read KENZO TRIBOUILLARD/AFP/Getty Images)
Gemalto CEO Olivier Piou (C) gives a press conference on February 25, 2015 in Paris. European SIM maker Gemalto said it had suffered hacking attacks that may have been conducted by US and British intelligence agencies but denied any 'massive theft' of encryption keys that could be used to spy on conversations. AFP PHOTO KENZO TRIBOUILLARD (Photo credit should read KENZO TRIBOUILLARD/AFP/Getty Images)
Gemalto CEO Olivier Piou shows a cell phone sim card before a press conference on February 25, 2015 in Paris. European SIM maker Gemalto said it had suffered hacking attacks that may have been conducted by US and British intelligence agencies but denied any 'massive theft' of encryption keys that could be used to spy on conversations. AFP PHOTO KENZO TRIBOUILLARD (Photo credit should read KENZO TRIBOUILLARD/AFP/Getty Images)
BERLIN, GERMANY - JANUARY 29: Symbolic photo for data protection, reflection of the seal of the National Security Agency in a computer hard drive on January 29, 2015 in Berlin, Germany. (Photo by Thomas Trutschel/Photothek via Getty Images)
Michael Rogers, director of the U.S. National Security Agency (NSA), speaks during an interview in New York, U.S., on Thursday, Jan. 8, 2015. The hacking attack on Sony Pictures Entertainment is prompting U.S. officials to rethink when the government should help private companies defend against and deter digital assaults, Rogers said. Photographer: Victor J. Blue/Bloomberg via Getty Images
Visitors chat near a reception desk at the Gemalto NV promotional stand on the opening day of the Mobile World Congress in Barcelona, Spain, on Monday, Feb. 27, 2012. The Mobile World Congress, operated by the GSMA, expects 60,000 visitors and 1400 companies to attend the four-day technology industry event which runs Feb. 27 through March 1. Photographer: Chris Ratcliffe/Bloomberg via Getty Images
NSA leaker Edward Snowden appears on a live video feed broadcast from Moscow at an event sponsored by the ACLU Hawaii in Honolulu on Saturday, Feb. 14, 2015. (AP Photo/Marco Garcia)
An employee displays a Gemalto NV M2M quad sim card at the Mobile World Congress in Barcelona, Spain, on Wednesday, Feb. 27, 2013. The Mobile World Congress, where 1,500 exhibitors converge to discuss the future of wireless communication, is a global showcase for the mobile technology industry and runs from Feb. 25 through Feb. 28. Photographer: Simon Dawson/Bloomberg via Getty Images
GERMANY, BONN - DECEMBER 12: Symbol photo of a computer hard drive with the logo of the National Security Agency (NSA), on December 12, 2014 in Bonn, Germany. (Photo by Ulrich Baumgarten via Getty Images)
WASHINGTON, DC - NOVEMBER 20: Adm. Michael Rogers, commander of the U.S. Cyber Command and director of the National Security Agency, testifies during a hearing before the House (Select) Intelligence Committee November 20, 2014 on Capitol Hill in Washington, DC. The committee held a hearing on 'Cybersecurity Threats: The Way Forward.' (Photo by Alex Wong/Getty Images)
A photographer takes picture of U.S. President Barack Obama and Edward Snowden held by pro-democractic legislator Gary Fan Kwok-wai during a news conference in Hong Kong Friday, June 14, 2013. Two lawmakers in Hong Kong said on Friday that they had written to U.S. President Obama to try to persuade him not to bring charges against the former US intelligence contractor Snowden. Snowden revealed last weekend he was the source of a major leak of top-secret information on NSA surveillance, saying he was uncovering wrongdoing. He spoke to reporters from an undisclosed location in the semiautonomous Chinese territory of Hong Kong. (AP Photo/Kin Cheung)
The Central Intelligence Agency (CIA) logo is displayed in the lobby of CIA Headquarters in Langley, Virginia, on August 14, 2008. AFP PHOTO/SAUL LOEB (Photo credit should read SAUL LOEB/AFP/Getty Images)
of
SEE ALL
BACK TO SLIDE
SHOW CAPTION +
HIDE CAPTION

SIM card manufacturer Gemalto has had a busy week.

Just days after news broke of state intelligence agencies allegedly stealing millions of its SIM card encryption keys, Gemalto says an internal audit has found no such evidence.

Gemalto said it suspects the National Security Agency and its British counterpart, the Government Communications Headquarters, hacked its systems as far back as 2010 but only "breached its office networks." The company says there was no large-scale theft of SIM encryption keys.

The company is one of the world's largest producers of SIM cards. Each year it sends 2 billion chips to telecom providers all over the world, including the big stateside carriers.

The little cards can store data, like messages or apps. They're used for mobile payments in some areas and, critically, each one carries an encryption key known as a "Ki," which is physically burned into the structure of the chip and used for communicating with telecom networks.

A report in The Intercept cited documents from Edward Snowden's archive of leaks. It alleged the NSA and GCHQ had extracted millions of these Kis back in 2010.

But Gemalto says by then, it "had already widely deployed a secure transfer system with its customers and only rare exceptions to this scheme could have led to theft."

"In other words," writes a skeptical GigaOM, "Gemalto does it right (most of the time) while other suppliers may not have been so cautious."

Journalists, security experts and Twitter watchers alike aren't convinced it's quite that open-and-shut. For one thing, six days is a fast audit, especially when the NSA is a suspect.

As one security researcher asked Forbes: "Do they seriously believe they can conduct an investigation uncovering the truth in less than a week? This is a rush job to placate shareholders. Hopefully, they will keep investigating."

But Gemalto says it doesn't plan to issue further updates on the matter "unless a significant development occurs.​"

Read Full Story

People are Reading