Gemalto, the SIM card maker that reportedly had its encryption keys stolen by the NSA and GCHQ, has claimed that its products are secure, despite apparent leaked NSA documents suggesting otherwise.
The Amsterdam-based company is putting on a brave, if defiant, face. In a statement issued today, it said initial investigations showed its products to be secure:
Initial conclusions already indicate that Gemalto SIM products (as well as banking cards, passports and other products and platforms) are secure and the Company doesn’t expect to endure a significant financial prejudice.
We’ll know more about those exact findings on Wednesday. The company has scheduled a press conference in Paris starting at 10:30 am local time that day, at which it will discuss its full investigation in more detail.
Gemalto reportedly produces over 2 billion SIM cards per year and works with more than 600 operators worldwide. The company admitted last week that it was unaware that British and U.S. spying agencies had penetrated its encryption, potentially allowing them to access information from millions of mobile users who have its SIM cards in their phones.
The Intercept, the news organization run by Glenn Greenwald and backed by Pierre Omidyar’s First Look Media, broke the news last week based on leaks from NSA whistleblower Edward Snowden.
The report, and others that followed it, prompted a backlash from Dutch PMs, who demanded further details, while privacy advocates weighed in on the importance of the leak.
Speaking to TechCrunch last week, the Electronic Frontier Foundations’ Mark Rumold said the disclosure was “incredibly significant.”
“NSA and GCHQ basically have the keys to decrypting mobile communications anywhere in the world, even without the participation of local communication carriers (which, even if not much, acts as some check on intelligence agency behavior). It’s the equivalent of these agencies having printed doorkeys for the front doors to millions or even billions of homes around the world, just in case they one day decided they needed to get in. Frankly, people should have no faith in the security of global mobile communications,” he added.
Gemalto may want to believe it can move on, but its business is already showing signs of issues. Australia’s telecom operators are investigating the revelations, and may order a mass recall of SIM cards in response to security concerns.
Mud sticks, and you’d imagine that it will take more than a self-prescribed ‘all clear’ from the company’s internal report to remove the doubt that will exist in the minds of the industry and consumers.