Gemalto says onion and orange setup protected it from government hacks

SIM card manufacturer Gemalto has conceded that it could have been attacked by the NSA and GCHQ, but maintains that this “could not have resulted in a massive theft of SIM encryption keys.”

The Netherlands-based firm has investigated a pair of “particularly sophisticated intrusions” that took place in 2010 and 2011 and published its findings online.

Gemalto says that it was unable to identify the perpetrators at the time but now reckons they could have been carried out the US and UK governments’ infamous spy agencies.
 
The attempted hacks, according to Gemalto, only penetrated the outer parts of the company’s office networks and did not affect SIM encryption keys and other customer data.

“It is important to understand that our network architecture is designed like a cross between an onion and an orange; it has multiple layers and segments which help to cluster and isolate data,” reads the report.

If the hacks had been successful, the NSA and GCHQ would have been able to monitor millions of customers’ call, texts and emails.

The Gemalto report suggests that the attempted hacks were targeted at mobile operators in Afghanistan, Yemen, India, Serbia, Iran, Iceland, Somalia, Pakistan and Tajikistan.

Related: Snapdragon 810 gets killswitch to boost security

Gemalto adds that the spy agencies might have been able to spy on consumers if they’d managed to get their hands on 2G SIM encryption keys, but this wouldn’t have been the case with 3G and 4G, since the newer technologies are better protected.