The Intercept ha rivelato come NSA e GCHO (l’omologa britannica) siano entrate in possesso delle chiavi di sicurezza delle SIM prodotte da Gemalto — chiavi che vengono utilizzate per criptare ogni conversazione e dato scambiato su rete mobile:
American and British spies hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe, according to top-secret documents provided to The Intercept by National Security Agency whistleblower Edward Snowden.
The hack was perpetrated by a joint unit consisting of operatives from the NSA and its British counterpart Government Communications Headquarters, or GCHQ. The breach, detailed in a secret 2010 GCHQ document, gave the surveillance agencies the potential to secretly monitor a large portion of the world’s cellular communications, including both voice and data. […]
With these stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments. Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider’s network that the communications were intercepted. Bulk key theft additionally enables the intelligence agencies to unlock any previously encrypted communications they had already intercepted, but did not yet have the ability to decrypt.
Gemalto produce circa 2 miliardi di SIM l’anno, per circa 450 diversi operatori. Fra questi c’è TIM. Peggio ancora: Gemalto produce anche chip NFC — in uso su tessere, carte di credito e passaporti elettronici.
(Via Daring Fireball)