A recent report based on information from Edward Snowden made a startling accusation regarding the security of the SIM cards lurking in most of our phones. According to the newly leaked documents, Netherlands-based Gemalto was the target of a CIA and GSHQ (UK intelligence) plot to steal SIM card encryption keys. Gemalto is the largest maker of SIM cards in the world, so that would be a substantial security breach. Gemalto has issued a statement after completing its investigation to say that, yes, there was probably an attack. However, it does not believe any sensitive data was stolen.
The SIM cards made by Gemalto are used by more than 450 telecom operators all over the world including AT&T, T-Mobile, Sprint, and Verizon here in the US. If an intelligence agency were to obtain the encryption keys for Gemalto's SIM cards, it could spy on the users without anyone knowing. The report indicated carriers in Afghanistan, Yemen, India, Serbia, Iran, Iceland, Somalia, Pakistan, and Tajikistan were the target of the attack. Of course, that doesn't mean other keys were safe. Luckily for all of us, Gemalto's investigation revealed that the hack, which reportedly took place in 2010, only breached an office network and didn't result in the theft of any important data.
According to Gemalto, its security team quickly stopped the network intrusion in 2010, though it was only a network used by Gemalto employees, not a storehouse of sensitive data. A separate phishing attack several months later was also thwarted. The company now suspects these acts were the doing of the CIA and GCHQ. While nothing of value was obtained, Gemalto points out the type of attack that could be carried out with the SIM encryption keys would only work on 2G networks. 3G and LTE would not be affected.
So is that it? This sort of situation is perfect for conspiracy theories and second guessing—was it a diversion? Is Gemalto in on it? Are aliens involved? Maybe there's some shady business going on here, but this is Gemalto's official word on the attack. Take it or leave it.