You are perusing an article from the archives. Lately, we have gone through major updates. Therefore, it is possible that you will experience minor quirks in layout when reading older articles. To provide you an improved reading experience, we have started to clean our pearls from the past. Just keep reading.
Your sim card might be hacked.
But only if you use an old cellphone and make your calls through a 2G network.
If so, this means that the American intelligence service, NSA, or its British counterpart, GCHQ, might monitor your phone calls.
The hack was revealed by Edward Snowden, the NSA whistleblower, when he released documents from NSA, which detailed attacks on Gemalto, one of the world’s largest sim card manufacturers with one of the largest market shares in Finland.
“The investigation into the intrusion methods described in the document and the sophisticated attacks that Gemalto detected in 2010 and 2011 give us reasonable grounds to believe that an operation by NSA and GCHQ probably happened,” Gemalto said in a bulletin.
“In the case of an eventual key theft, the intelligence services would only be able to spy on communications on second generation 2G mobile networks. 3G and 4G networks are not vulnerable to this type of attack.”
Here’s what the Finnish operators have to say about the security breach:
- The phone calls are mainly conducted in 3G and 4G networks. In addition, the data is transferred in 3G, 4G and LTE networks. (Jaakko Wallenius, the security manager at Elisa.)
- There are about a million Finns using sim cards provided by TeliaSonera. About 30-50 per cent of the cards are manufactured by Gemalto.
- TeliaSonera has been in contact with Gemalto. They have no reason to question Gemalto’s investigation. TeliaSonera has also conducted its own investigation and together with Gemalto’s findings they haven’t found any impact on their services. (A bulletin by TeliaSonera)
The Finnish Communications Regulatory Authority FICORA continues to assess possible impacts on Finnish users and investigates the information security procedures related to telecommunications operators’ handling of sim cards.
This information is used in the prevention of similar cases.