
NSA, GCHQ Implicated In SIM Encryption Hack

First time accepted submitter BlacKSacrificE writes Australian carriers are bracing for a mass recall after it was revealed that a Dutch SIM card manufacturer Gemalto was penetrated by the GCHQ and the NSA in an alleged theft of encryption keys, allowing unfettered access to voice and text communications. The incident is suspected to have happened in 2010 and 2011 and seems to be a result of social engineering against employees, and was revealed by yet another Snowden document. Telstra, Vodafone and Optus have all stated they are waiting for further information from Gemalto before deciding a course of action. Gemalto said in a press release that they "cannot at this early stage verify the findings of the publication" and are continuing internal investigations, but considering Gemalto provides around 2 billion SIM cards to some 450 carriers across the globe (all of which use the same GSM encryption standard) the impact and fallout for Gemalto, and the affected carriers, could be huge.
  • by Anonymous Coward
    jesus fucking christ.
  • Fallout? (Score:5, Insightful)

    by The Rizz ( 1319 ) on Monday February 23, 2015 @11:11AM (#49112133)

    the impact and fallout for Gemalto, and the affected carriers, could be huge.

    Why is it that the fallout is centered on these companies, instead of on the NSA and GCHQ? Why are these criminal enterprises masquerading as government agencies so completely above the law?

    • Re:Fallout? (Score:5, Insightful)

      by Anonymous Coward on Monday February 23, 2015 @11:13AM (#49112149)

      It would be nice to know who will pay the damages or that NSA and GCHQ can just destroy businesses as they please.

      • Re: (Score:3, Insightful)

        by Anonymous Coward

        sadly i think we get to see option 2 play out

      • Re:Fallout? (Score:4, Insightful)

        by gl4ss ( 559668 ) on Monday February 23, 2015 @11:26AM (#49112277) Homepage Journal

        or create businesses without public bidding process, selling dubious equipment to them, for which they provide the possibility to manufacture them..

        oh wait they can and will and have done exactly that.

      • Re:Fallout? (Score:4, Insightful)

        by AmiMoJo ( 196126 ) * on Monday February 23, 2015 @11:52AM (#49112527) Homepage Journal

        Belgian telecoms companies have already started legal proceedings against GCHQ. I hope Gemalto do as well. Even if it comes to nothing it's still one of the best (only) options we have to try to control them.

        • The day after I got my Jolla, my provider (Belgacom) had already installed an app (proximenu) to "service me better" with money transfer services. Very safe services, encrypted by...Gemalto SIM cards. Encryption through legal proceedings - another Belgian invention.
      • Send the bill to Samaritan , c/o Richmond Valentine

        Be sure to complain about trend ridiculous spy movie plots failing to be as ridiculous as our current reality. Demand a full refund, and damages inflicted due to boredom.
      • Re: (Score:2, Funny)

        by mitcheli ( 894743 )
        Oh, let us not be delusional here. New SIM Cards with new keys will be available with the new Galaxy S6 and new iPhone 6s's. Problem solved.
      • It should be obvious... You will.... Why the surprised look?

      • by yarbo ( 626329 )
        You don't remember when the FBI let lulzsec destroy Stratfor hoping that Wikileaks would offer money for the exfiltrated data? I'd be surprised if that were the first company that was destroyed after being used as bait by LEA in the US.
      • It would be nice to know who will pay the damages or that NSA and GCHQ can just destroy businesses as they please.

        a) the businesses that were hacked or
        b) the taxpayers

        Until enough people get off their fat asses and do something about the situation, which doesn't seem likely to happen before the US falls back to the middle ages.

    • No shit! Given the resources of both agencies, it would be trivial for them to come into my workplace and abscond with out signing keys. Just like with lawyers and the business world, a bottomless well of money will typically get you whatever it is that you're looking for.
      • With *our signing keys.
        • by grcumb ( 781340 )

          With *our signing keys.

          I've absconded without your signing keys dozens of times already. And I'm bloody skint. :-)

      • I would certainly lay the blame at the feet of the NSA and friends; but such attacks should also be used to refine processes to make them more resistant to such attacks in the future.

        In the case of this SIM hacking, it appears that the current model involves Kis being transmitted(mostly insecurely) to Gemalto and then burned in. This is an obvious weakness compared to having the high-value keying material generated on-SIM and never leaving, ever, short of a direct attack on the chip. Doesn't mean that th
        • Re:Fallout? (Score:4, Interesting)

          by DarkOx ( 621550 ) on Monday February 23, 2015 @01:10PM (#49113267) Journal

          Maybe so but we are supposed to live in a society of laws, both here in the States and in Europe. The US government's general position is Americans are always subject to American laws, and nobody is supposed to be above the law. Kevin Mitnick did essentially the same thing, called up a manufacturer social engineered them into giving him information. The FBI was certainly on his ass, the federal prosecutors certainly pushed for and obtained a conviction.

          These guys though? Nobody will even look into it on the prosecutorial side because these guys had an NSA badge on why they did it.

          The Computer Fraud and Abuse Act is found at 18 U.S.C. 1030. Subpart (f) reads as follows:

                  This section [i.e., the Computer Fraud and Abuse Act] does not prohibit any lawfully authorized investigative, protective, or intelligence activity of a law enforcement agency of the United States, a State, or a political subdivision of a State, or of an intelligence agency of the United States.

          There is the law, notice the lawfully authorized part? They are not entitled to do anything you and I can't do UNLESS they have a search warrant or there is some other law on the books specifically authorizing the activity. I doubt even the FISA court would have rubber stamped this one.

          • Re:Fallout? (Score:4, Interesting)

            by jythie ( 914043 ) on Monday February 23, 2015 @01:32PM (#49113451)
            Though would it not be amusing if the FBI actually went after them? The departments already have animosity towards each other, though probably not enough to overcome the 'stick togetherness' of law enforcement against everyone else.
          • There is the law, notice the lawfully authorized part? They are not entitled to do anything you and I can't do UNLESS they have a search warrant or there is some other law on the books specifically authorizing the activity. I doubt even the FISA court would have rubber stamped this one.

            They wouldn't need a search warrant outside the US for non-US citizens.

    • Re:Fallout? (Score:5, Interesting)

      by Anonymous Coward on Monday February 23, 2015 @11:23AM (#49112233)

      Certainly very true. Absolutely, NSA and GCHQ are at fault here.

      However, these kinds of stories draw the attention of even the most idiotic of individuals. Those that only a few months ago were, without any consideration, spouting, "I don't care if the NSA sees everything I do or works to break into everything." must now stop and realize they were used and lied to, and that the work of these criminal organizations is directly damaging many companies. Various encryption or communication groups and companies have disappeared without any notice by the average person, but they will see the damage when it comes to their cell phones.

      • Certainly very true. Absolutely, NSA and GCHQ are at fault here.

        However, these kinds of stories draw the attention of even the most idiotic of individuals. Those that only a few months ago were, without any consideration, spouting, "I don't care if the NSA sees everything I do or works to break into everything." must now stop and realize they were used and lied to, and that the work of these criminal organizations is directly damaging many companies. Various encryption or communication groups and companies have disappeared without any notice by the average person, but they will see the damage when it comes to their cell phones.

        'The average person' will never have any idea that any of this happened.

    • Re:Fallout? (Score:4, Insightful)

      by fuzzyfuzzyfungus ( 1223518 ) on Monday February 23, 2015 @12:04PM (#49112641) Journal
      Some mixture of pragmatism and the victim blaming, I imagine.

      Given that, operationally speaking, the NSA and GCHQ, and friends, are above the law (where it hasn't been modified to simply make what they do legal, because it's them doing it); your only real option is to start assessing providers of security-critical products and services according to the "Were a dangerously out-of-control clandestine entity to come knocking, would you be fucked or really fucked?" standard.

      It is obviously Bad that you need to ask that question; but, since you do, you at least want the answer to be reassuring. Given that, according to what we know so far, the production process for SIMs involved Gemalto burning (insecurely transmitted) Kis in, at the factory, it looks like the production process is dangerously weak against tampering. As with the RSA seed storage/hack fiasco, it looks like that is going to have to change, with the vital secrets either stored a lot more carefully, or, ideally, generated on-SIM and never leaving the SIM during its operational life, short of a direct silicon-level attack.
      • by fgouget ( 925644 )

        with the vital secrets either stored a lot more carefully, or, ideally, generated on-SIM and never leaving the SIM during its operational life, short of a direct silicon-level attack.

        My understanding is that's what they do already. The private key is generated and put directly into the SIM card and never leaves it. But a private key is useless if nobody knows the corresponding public key. It's the transfer of that public key to the entity that needs it, the carrier, that the NSA/GCHQ intercepted.

        Maybe a fix would be for Gemalto to sell blank SIM cards and have the carriers themselves generate and burn the private key to it using a software WORN API: Write Once, Read Never. Of course th

    • On related note, isn't it illegal for normal citizens to gain illegal access to corporate systems(a.k.a hack) and enforced by prison sentence.
      What is this double standards in free countries.
    • Because 98% of those who vote give their consent. We knew what these people were doing since before the Church Commission, yet the voters continue to reelect the perpetrators. Don't blame the government for doing what it is told by the voting public.

      And please save your breath with the 'lack of choices' and 'lesser evil' bullshit. I ain't hearing it! We did this to ourselves. There is nobody else to blame.

    • by nobuddy ( 952985 )

      Isn't that cute. He thinks the NSA would ever be held accountable for their actions.

  • Damages (Score:5, Insightful)

    by Anonymous Coward on Monday February 23, 2015 @11:11AM (#49112139)

    So who does Gemalto sue when the bankrupting recall they are forced to do is the result of a government approved hack?

    • by Anonymous Coward

      This isn't a government-approved hack, at least the Constitution of the United States explicitly prohibits it absent a warrant of probable cause against each snooped individual. Not sure about the UK - I'm pretty sure those poor sods don't have any rights left by now.

      • by Anonymous Coward

        Yeah but we've since learned that "government-approved" and "constitutional" are two entirely different things and are not mutually inclusive.

        • I haven't " ... since learned that ..." since the Dutch story is new.

          "constitutional" and "Constitutional" have different meanings.

          Government approved? Which government?

      • by Anonymous Coward

        So, the constitutional violation is not in gathering the private keys from a foreign supplier to hostile governments, but in the presumed use of the keys to decrypt without warrant the communications of American persons: citizens, permanent residents and corporations. (Yes, corporate personhood has some positive benefits; it extends constitutional protections to beyond citizens and permanent residents).

      • This is not true, and it's crucial to understand why.

        In this context, "Constitution," is American-centric.

        It does not apply to the Dutch.

        The venue of law will have to start with the provenance of the Dutch company (is it owned by the Chinese?) and jurisdictions established before litigation can move forward.

    • Re:Damages (Score:5, Insightful)

      by AmiMoJo ( 196126 ) * on Monday February 23, 2015 @12:49PM (#49113095) Homepage Journal

      How would they ever prove it? The stolen documents will be inadmissible. Everything will be protected as a state secret. Their customers won't care of course, but the courts will.

  • Taxpayers (Score:5, Insightful)

    by Anonymous Coward on Monday February 23, 2015 @11:14AM (#49112161)

    So, not only do we fund the hack, but now we need to fund the compensation for it.

    Wonderful job.

    • Re:Taxpayers (Score:5, Insightful)

      by transporter_ii ( 986545 ) on Monday February 23, 2015 @11:29AM (#49112311) Homepage

      They want to know what you are saying, and they are willing to spend every penny you have to find out. And then some.

    • And not only that, 98% of the voters approve. So, you're right. They must be doing a wonderful job, they're still at it. Complaining about the agency while giving consent with one's vote is highly illogical.

    • by Anonymous Coward
      The problems with corruption in the U.S. government are numerous and severe.

      Matt Taibbi gives a huge amount of detail about the collapse of U.S. society as we have known it: The Divide [amazon.com]. Quoting from the Amazon web page: "New York Times bestseller -- Named one of the best books of the year by the Washington Post, NPR, and Kirkus Reviews".

      The book, House of Bush, House of Saud [amazon.com] by Craig Unger, tells how Bush and Cheney started a war so that they could make money. One of hundreds of books and articles abo
  • Blackphone (Score:2, Insightful)

    And so everyone who moved to Blackphone for security purposes... who's to say the same thing can't / didn't happen?

  • by Anonymous Coward on Monday February 23, 2015 @11:29AM (#49112313)

    Welcome to the USSA. Just like the old USSR, with better technology.

  • by Anonymous Coward on Monday February 23, 2015 @11:30AM (#49112315)

    Time to start treating it as such, use your backwards antiquated capital punishment laws for something productive for a change.

    • As much as I agree that white collar criminals and spooks are tragically under-executed, and would love to change that, the US constitution (very wisely) includes a comparatively precise and narrow definition of 'treason'. Our 'founding fathers' included some fairly shitty people; but they were mostly shitty people who knew a thing or two about how governments go bad, and that 'treason' is a...delightfully elastic...charge. Thus, they did their best to ensure that it wouldn't be one here.

      There are plenty
  • Sanctions (Score:5, Insightful)

    by Anonymous Coward on Monday February 23, 2015 @11:31AM (#49112333)

    The world should introduce trade-sanctions against the USA and the UK, until they stop attacking other countries, and fall in line.

    • Re:Sanctions (Score:4, Insightful)

      by jabuzz ( 182671 ) on Monday February 23, 2015 @11:46AM (#49112457) Homepage

      Except in the case of the U.K. trade sanctions from other E.U. member states are simply not permissible. I would also doubt the USA would introduce sanctions against the UK on this one, and E.U. sanctions against the USA would require approval from the UK which I doubt they are going to give. That's 45% of the world's GDP locked in right there.

      Good luck on that plan.

      • UKIP could those problems.

      • Except in the case of the U.K. trade sanctions from other E.U. member states are simply not permissible. I would also doubt the USA would introduce sanctions against the UK on this one, and E.U. sanctions against the USA would require approval from the UK which I doubt they are going to give. That's 45% of the world's GDP locked in right there.

        Good luck on that plan.

        Not only that but all the above are sharing data on each other's citizens anyway.

    • And would the same trade-sanctions be applied to France, Russia, China, North Korea, Canada, South Korea, Germany, Spain, Iran, Norway, Sweden, South Africa, Australia, Egypt, Israel, Syria, and the Federated States of Micronesia? (ok, took some liberties on that last one).
    • by havana9 ( 101033 )

      The world should introduce trade-sanctions against the USA and the UK, until they stop attacking other countries, and fall in line.

      Naturally, it's advisable not to sign commercial treaties with USA and UK, that are the inverse of trade sanctions. I think governments must abandon TTIP and TPP at their destiny.

  • by EmagGeek ( 574360 ) on Monday February 23, 2015 @11:32AM (#49112345) Journal

    The governments will simply say "come and take it, if you can."

  • by Anonymous Coward

    So it's probably about time we shut down the NSA right? They seem to be completely out of control and I'm not sure what they're actually accomplishing.

  • by Pop69 ( 700500 ) <billy@bCURIEenarty.co.uk minus physicist> on Monday February 23, 2015 @11:42AM (#49112425) Homepage
    I believe the smartcards and USB readers our bank supplies us for authentication of online transactions are supplied by Gemalto

    Are they affected as well ? I would expect so
    • by ledow ( 319597 ) on Monday February 23, 2015 @11:48AM (#49112483) Homepage

      Gemalto do the majority of the smartcard market these days.

      I've used them for everything for business banking to access control.

      Is it not scary enough that they have been compromised to the point of making almost every SIM on the planet useless? By comparison a banking smartcard here or there is nothing.

      Ironically, every few months our bank will tell us that we have to replace the PIN-pads/smartcards/whatever for a newer model "to be secure". Nobody's yet answered then why their software only works on IE (and older versions at that).

    • by AmiMoJo ( 196126 ) * on Monday February 23, 2015 @11:57AM (#49112583) Homepage Journal

      Gemalto do a lot of industrial SIMs. I have used them in products designed at work. Many cars with GSM/3G connectivity use their SIMs. Many smart meters, many mobile payment terminals, many sensor networks, many medical devices.

      It's the kind of thing someone could use to bring down a lot of infrastructure. I bet loads of infrastructure monitoring uses Gemalto SIMs for M2M communications. It's probably safe to assume that if GCHQ and the NSA have the keys, so do others. Considering how much leaks out of those two organizations from relatively low level operatives I'm sure China and Russia and probably a few others have at least that much access.

      • by lgw ( 121541 )

        That's the problem with any backdoor - once it's public that it exists, it's only a matter of time before everyone has the key. The stupid Lenovo spyware was exploited the same day it became public that it existed. This may take a little longer, but we can be certain that every bad actor will get this - organized crime as well as government (the distinction seems less clear over time).

    • I think that it depends on how the keying is handled, and what role the smartcard plays.

      As best I've been able to tell from what articles I've read, the NSA and friends were snarfing the Kis as they were sent from telcos ordering SIMs to Gemalto, where they were burned in. They may have some other program aimed at bugging the silicon or firmware of the smartcard ICs themselves, which would be a different problem; but according to what we know of this attack, it would not affect smartcards that are used t
    • by oodaloop ( 1229816 ) on Monday February 23, 2015 @12:57PM (#49113169)
      And our Smart Cards we use on classified networks in the intelligence community use Gemalto. Just checked. Goddamnit.

      I'm not even kidding. Seriously.
    • Gemalto is also a major supplier of US Government Common Access Cards (CAC's).
  • Is it currently? Any chance of phone manufactures implement it by default? How about carriers? Seems to be the only way to truly protect against things like this.

    • You can have end-to-end encryption right now if you are willing to do some work. Your Android phone has a built-in SIP client. Well, in theory; my SIP settings seem to have disappeared with Lollipop. I hope they'll come back by 5.1, if not sooner. But there's various SIP softphones available for all mobile platforms, probably even including windows phone. Android at least, and probably the others too, supports IPSEC. Everything you need is right there. The problem then becomes whether you can actually trust

      • It'll also need an IOMMU and a driver which prohibits the NIC from stepping out of line, or a NIC with open firmware. Otherwise, someone could (theoretically) own your NIC and then browse your memory from it.

        On the (as yet inexistent) Neo900 the wireless module is a USB device. It doesn't get to access the memory if the CPU doesn't want it to.

  • The UK needs to pay (Score:5, Interesting)

    by Anonymous Coward on Monday February 23, 2015 @11:56AM (#49112575)

    This is an act of industrial espionage and infrastructure sabotage committed by one EU member against another. The UK needs to be held financially responsible for the damage, and punitive sanctions should follow. The UK should also explain how it sees its own future in the EU in the light of these revelations.

  • These "intelligence" agencies should be sued, fined and prosecuted until they are completely out of business.
  • by MeNeXT ( 200840 ) on Monday February 23, 2015 @12:12PM (#49112703)

    Now they can also prove that you were there when they emptied out your bank account. This is probably why they are refusing to provide any information on stingrays; it goes way deeper than anyone thought.

    • by fgouget ( 925644 )

      I have been wondering about Stingrays too. Based on the Stingrays [wikipedia.org] Wikipedia page they would not need access to the SIM card's private key. Instead they force the device to use the weaker A5/2 security protocol and then crack it which allows them to recover the SIM card's private key.

      The "GSM Active Key Extraction" performed by the StingRay in step three merits additional explanation. A GSM phone encrypts all communications content using an encryption key stored on its SIM card with a copy stored at the service provider. While simulating the target device during the above explained man-in-the-middle attack, the service provider cell site will ask the StingRay (which it believes to be the target device) to initiate encryption using the key stored on the target device. Therefore, the StingRay needs a method to obtain the target device's stored encryption key else the man-in-the-middle attack will fail.

      GSM primarily encrypts communications content using the A5/1 call encryption cypher. In 2008 it was reported that a GSM phone's encryption key can be obtained using $1,000 worth of computer hardware and 30 minutes of cryptanalysis performed on signals encrypted using A5/1. However, GSM also supports an export weakened variant of A5/1 called A5/2. This weaker encryption cypher can be cracked in real-time. While A5/1 and A5/2 use different cypher strengths, they each utilize the same underlying encryption key stored on the SIM card. Therefore, the StingRay performs "GSM Active Key Extraction" during step three of the man-in-the-middle attack as follows: (1) instruct target device to use the weaker A5/2 encryption cypher, (2) collect A5/2 encrypted signals from target device, and (3) perform cryptanalysis of the A5/2 signals to quickly recover the underlying stored encryption key. Once the encryption key is obtained, the StingRay uses it to comply with the encryption request made to it by the service provider during the man-in-the-middle attack.

      This perfectly illustrates why allowing protocol variants with weaker security is a bad idea. It also makes Gemalto's security lapse look somewhat irrelevant: cracking the SIM's private key seems pretty trivial anyway.

  • by ISoldat53 ( 977164 ) on Monday February 23, 2015 @12:14PM (#49112729)
    Is Gemalto the only provider of these cards?
    • Re: (Score:2, Interesting)

      by Anonymous Coward

      No, there are other companies such as Giesecke & Devrient (IIRC the documents show they were also targeted but without success).

      But there are only a small number of them, and each mobile operator generally will get all its SIMs from just one of them since it's not in their interests to order from them all (it's more complex to manage, potentially harder to debug with multiple types of SIM in use, and probably more expensive as signing an exclusive deal will I'm sure come with a discount).

  • by ControlsGeek ( 156589 ) on Monday February 23, 2015 @12:24PM (#49112841)

    Why is it that each subscriber cannot select their own encryption keys at the time of activation or any time thereafter?

    • Because the keys would be the same as the lock on their luggage.

    • by Anonymous Coward

      Because it's a preshared key, so the mobile operator needs to know its half. Ok that doesn't make it impossible, but does make it very difficult to submit the key to the operator to activate your phone. And most subscribers would not know how to generate it. Generally people want to plug in the SIM and have it just work.

      • by Anonymous Coward

        There's no technical reason you couldn't exchange the smart card's new symmetric key via an asymmetric crypto session, established using the telco's public key and your own private key securely stored on your local machine (in an encrypted keychain). Smart cards could then be modified to allow a symmetric key overwrite operation, while still preventing the symmetric key from being read back out by an attacker in possession of the smart card.

        There isn't a technical problem, but there sure is one hell of a us

  • pot, f#&* kettle (Score:3, Insightful)

    by chilenexus ( 2660641 ) on Monday February 23, 2015 @12:26PM (#49112863)
    How much are these agencies/countries now going to expect to be taken seriously when they find that China, Korea, Japan, Russia, or Lesotho have embedded some form of spyware in the electronics they sell us, and make an attempt to shame them for it or claim damages? They'll just roll along and do what they were doing before because they don't see any difference from how we treated them when we weren't at odds with them. The world has just been handed yet another example of how Brits and Americans can't be trusted, and actually deserve to be spied upon and stolen from. The fourth amendment shouldn't stop at our borders, since it is a limitation placed on government, not a perk that is only given to citizens. If you read it, it says "the rights of the people...." There's a similar concept in English Common Law: http://en.wikipedia.org/wiki/F... [wikipedia.org]
  • by tekrat ( 242117 ) on Monday February 23, 2015 @12:39PM (#49113017) Homepage Journal

    It would be nice if the NSA was using this technology to spy on the real terrorists; and by that I mean the people who actually do want to hurt you and steal from you -- CEOs and Large Banks.

    I mean, there has not been a SINGLE prosecution in the great financial disaster of 2008, yet, I'll bet there's plenty of cell phone conversations and text messages about breaking up bad mortgages into financial instruments of mass destruction, and reselling them as AAA+ rated securities.

    Excuse me, but after 20 trillion dollars lost, and another 2 or so trillion given away to prop up a few banks who wanted to play along with the government (until such time that it became time to steal again); it seems to me that the NSA should be more concerned about these guys than a few rogue crazies who blow up the occasional civilian.

    • What really got Lenovo into hot water was not just Superfish, but that Superfish got compromised. So, what we really need is for the NSA's stolen key to be leaked.
      If that key leaks, it will finally cause the massive that will force the politicians to re-evaluate what the miscreants in GCHQ/NSA are "lawfully" doing.

    • by seoras ( 147590 )

      Meanwhile in Iceland...

      This is a country that jails bankers for economic fraud and protects activists like Wikileaks.

      http://icelandreview.com/news/2015/02/12/icelandic-bankers-sentenced-prison

      They are lucky enough to have a President who has stood up for the people who elected him.
      http://en.wikipedia.org/wiki/Ólafur_Ragnar_Gr%C3%ADmsson
      ( Read the paragraph below "Crisis of 2008 statements". This is the mouse that roared! :) )

    • It would be nice if the NSA was using this technology to spy on the real terrorists; and by that I mean the people who actually do want to hurt you and steal from you -- CEOs and Large Banks.

      I mean, there has not been a SINGLE prosecution in the great financial disaster of 2008, yet, I'll bet there's plenty of cell phone conversations and text messages about breaking up bad mortgages into financial instruments of mass destruction, and reselling them as AAA+ rated securities.

      Excuse me, but after 20 trillion dollars lost, and another 2 or so trillion given away to prop up a few banks who wanted to play along with the government (until such time that it became time to steal again); it seems to me that the NSA should be more concerned about these guys than a few rogue crazies who blow up the occasional civilian.

      I'm betting that nothing will change so I've told my son he should become a high level banker :-)

  • The first article says they are just storing a secret key on the SIM and on the network provider's systems. That is just dumb and was totally insecure even before this happened. They should be using private/public key pairs in which the private key is generated on and never leaves the SIM.
    • by AHuxley ( 892839 )
      Price and the design of the cell networks going back many years. The security services had a list of needs going back into the 1980's and for the UK it was all network use in Ireland.
      As cell and sim systems advanced the security services just kept up with having total mastery of every aspect of all the different telco networks.
      Now users and telcos have to consider who else has the security services methods? Ex staff, former staff, dual citizens, contractors, foreign contractors. People cults and brand
    • by jonwil ( 467024 )

      GSM (and GSM cryptography) was developed way back when the smartest thing a cellphone could do was to store a few phone numbers and the hardware grunt the system had was minimal.

      Also, when GSM was developed, the various intelligence agencies in the NATO countries deliberately wanted the cryptography to be weak in order to make it easier to hack.

  • Hmm no wonder Congress hasn't passed the funding for the NSA yet. As they are going to be sued by the manufacturers because their dirty little secret got out. Just a guess.
  • I'm sure our next SIM cards will be much more secure... In fact, what's the bet the current batch are too secure, and the next ones will be pre-hacked.
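
Several comments above turn on the same design point: GSM authentication rests on one symmetric key (Ki) held by both the SIM and the carrier, so any further copy of Ki yields the same session key until the SIM is re-issued. The sketch below is an added illustration, not part of the original discussion; it uses HMAC-SHA256 as a stand-in for the operator's A3/A8 algorithms, and the class names, function names and IMSI are constructed for the example.

```python
import hashlib
import hmac
import os


def a3a8_standin(ki, rand):
    """Derive (SRES, Kc) from Ki and RAND.

    Stand-in only: real networks use operator-chosen A3/A8 algorithms.
    Sizes follow GSM: 32-bit SRES, 64-bit Kc.
    """
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]


class Sim:
    """Subscriber card: holds Ki and answers challenges."""

    def __init__(self, imsi, ki):
        self.imsi = imsi
        self._ki = ki

    def authenticate(self, rand):
        return a3a8_standin(self._ki, rand)


class AuthCentre:
    """Carrier side: holds the matching copy of each subscriber's Ki."""

    def __init__(self):
        self._subscribers = {}

    def provision(self, imsi, ki):
        # Re-provisioning an IMSI replaces the old Ki (SIM re-issue).
        self._subscribers[imsi] = ki

    def challenge(self, imsi):
        rand = os.urandom(16)  # 128-bit RAND, sent to the handset in the clear
        sres, kc = a3a8_standin(self._subscribers[imsi], rand)
        return rand, sres, kc


def run_session(auc, sim):
    """One authentication round; returns RAND, the verdict and the session key."""
    rand, expected_sres, _kc_network = auc.challenge(sim.imsi)
    sres, kc_sim = sim.authenticate(rand)
    ok = hmac.compare_digest(sres, expected_sres)
    return {"rand": rand, "authenticated": ok, "kc": kc_sim if ok else None}


def demo():
    """Return (exposed_before_reissue, exposed_after_reissue)."""
    auc = AuthCentre()
    imsi = "001010000000001"      # constructed test subscriber identity
    ki_v1 = os.urandom(16)        # 128-bit Ki written to the SIM at the factory
    auc.provision(imsi, ki_v1)
    sim = Sim(imsi, ki_v1)

    # A third copy of Ki exists somewhere outside the SIM and the carrier.
    copied_ki = ki_v1

    # Session 1: RAND is public, so the copy derives the same Kc offline,
    # without ever interacting with the SIM or the network.
    s1 = run_session(auc, sim)
    _, kc_from_copy = a3a8_standin(copied_ki, s1["rand"])
    exposed_before = s1["authenticated"] and kc_from_copy == s1["kc"]

    # Remediation discussed in the story: re-issue the SIM with a fresh Ki.
    ki_v2 = os.urandom(16)
    auc.provision(imsi, ki_v2)
    sim = Sim(imsi, ki_v2)

    # Session 2: the old copy no longer matches the key in use.
    s2 = run_session(auc, sim)
    _, kc_from_old_copy = a3a8_standin(copied_ki, s2["rand"])
    exposed_after = s2["authenticated"] and kc_from_old_copy == s2["kc"]

    return exposed_before, exposed_after


if __name__ == "__main__":
    before, after = demo()
    print("session key derivable from copied Ki before re-issue:", before)
    print("session key derivable from copied Ki after re-issue: ", after)
```

Nothing in the protocol lets the carrier or handset notice that a third copy of Ki exists, which is why SIM replacement rather than detection is the remedy the carriers are weighing.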
