US, UK spy agencies raid Gemalto SIM encryption keys

"Game over for cellular encryption".

The US and UK national spy agencies stole encryption keys that protect mobile phone communications around the world to monitor global voice and data mobile communications without permission.

The spying activity was revealed in new documents leaked by former National Security Agency (NSA) contractor Edward Snowden to The Intercept.

The document details how the spy agency together with its British counterpart, the Government Communications Headquarters (GCHQ), stalked and intercepted communications between employees of global authentication conglomerate Gemalto to discover where encryption keys for SIM cards were held.

In some cases, master encryption keys were transferred to mobile telcos insecurely via email, file transfer protocol (FTP) or cloud storage sites, with little or no protection, enabling the spy agencies to capture them easily.

The GCHQ and NSA also penetrated Gemalto's network completely around 2010, according to the documents.

Gemalto produces billions of SIM cards for telcos around the world. After capturing the keys that unlock encrypted 3G/4G communications, attackers can eavesdrop unnoticed, and also bulk collect calls, texts and data transmissions without a warrant.

As mobile communications do not support perfect forward secrecy (PFS) with unique key regeneration, it is possible for the spy agencies to siphon up communications for a long period of time, and decrypt them at a later stage.

Beyond intercepting encryption keys, GCHQ also claimed in the documents to be able to suppress call charges in telco billing servers to hide spy agency access.

Crypto specialist and lecturer at Johns Hopkins University in the US, Matthew Green, called the key capture really bad news for phone security.

"Gaining access to a database of keys is pretty much game over for cellular encryption," Green told The Intercept.

At this stage, it is not known how many encryption keys the GCHQ and NSA were able to capture.

Copyright © iTnews.com.au. All rights reserved.