As reported, Gemalto today revealed the findings of its investigation against the reported NSA and GCHQ hack. The world s biggest SIM manufacturer has acknowledged that the spy agencies did hack its office networks, but denies that there was a massive theft of SIM encryption keys. Also Read - Hackers are successfully attacking Gmail, Yahoo Mail and ProtonMail by beating two-factor authenticationAlso Read - Gemalto issues public apology for Aadhaar data breach report
Gemalto issued a press release saying, Also Read - Tesla faces investigation from the Department of Justice over Elon Musk's claims to take the company private
The investigation into the intrusion methods described in the document and the sophisticated attacks that Gemalto detected in 2010 and 2011 give us reasonable grounds to believe that an operation by NSA and GCHQ probably happened.
The attacks against Gemalto only breached its office networks and could not have resulted in a massive theft of SIM encryption keys.
The Dutch company further said that the spy operation was aimed at intercepting the encryption keys when they were being shipped from its production facilities to mobile operators. But it says that the breach had little effect, since they had deployed a secure transfer system back in 2010.
By 2010, Gemalto had already widely deployed a secure transfer system with its customers and only rare exceptions to this scheme could have led to theft.
In the case of an eventual key theft, the intelligence services would only be able to spy on communications on second generation 2G mobile networks. 3G and 4G networks are not vulnerable to this type of attack.
Gemalto further allayed fears saying that none of its products were impacted by this attack.
Last week, a bunch of documents released by whistle blower Edward Snowden revealed that NSA and Britain s GCHQ conducted joint operations to hack Gemalto and steal its encryption keys.
The agencies were said to have managed to harvest encryption keys burnt on SIM cards that are used to authenticate them on cellular networks. These keys enable the spy agencies to gather surveillance data from cellular networks and decrypt any conversation both voice and data at their leisure.