Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

Gemalto says onion and orange setup protected it from government hacks

SIM card manufacturer Gemalto has conceded that it could have been attacked by the NSA and GCHQ, but maintains that this “could not have resulted in a massive theft of SIM encryption keys.”

The Netherlands-based firm has investigated a pair of “particularly sophisticated intrusions” that took place in 2010 and 2011 and published its findings online.

Gemalto says that it was unable to identify the perpetrators at the time but now reckons they could have been carried out the US and UK governments’ infamous spy agencies.
 
The attempted hacks, according to Gemalto, only penetrated the outer parts of the company’s office networks and did not affect SIM encryption keys and other customer data.

“It is important to understand that our network architecture is designed like a cross between an onion and an orange; it has multiple layers and segments which help to cluster and isolate data,” reads the report.

If the hacks had been successful, the NSA and GCHQ would have been able to monitor millions of customers’ call, texts and emails.

The Gemalto report suggests that the attempted hacks were targeted at mobile operators in Afghanistan, Yemen, India, Serbia, Iran, Iceland, Somalia, Pakistan and Tajikistan.

Related: Snapdragon 810 gets killswitch to boost security

Gemalto adds that the spy agencies might have been able to spy on consumers if they’d managed to get their hands on 2G SIM encryption keys, but this wouldn’t have been the case with 3G and 4G, since the newer technologies are better protected.

Why trust our journalism?

Founded in 2004, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have 9 million users a month around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.