Few people had heard of Gemalto, the world's largest manufacturer of sim cards, until February 19th, when a story on the Intercept, a website, put it at the centre of the latest internet-security scandal. The story, based on documents from Edward Snowden, a former employee of America's National Security Agency, said that spies at gchq, Britain's equivalent to the nsa, had stolen hundreds of thousands of the encryption keys hard-coded into Gemalto's sim cards, which are specialised chips that identify phones to phone networks. Armed with the keys, decrypting conversations and data from the phones in which they were installed would be trivial. In an announcement made on February 25th Gemalto said that spies probably had tried to penetrate its systems but that there had been no "massive theft of sim encryption keys". Security experts were sceptical, for a number of reasons: less than a week seems rather quick for such an investigation; government hackers are pretty good at this sort of stuff; and the gchq documents provided by Mr Snowden explicitly talk of a "vast quantity of product".
展开▼
