In just under a week SIM card maker Gemalto claims to have done a complete security audit of their systems in 85 different countries and reports that "its office networks were compromised, the servers holding the SIM card encryption keys weren't." This is a record worthy of Guinness as most security audits take months or years to complete and the findings tend to discuss probabilities, not absolute certainties. As you might expect The Register and security experts everywhere are doubtful of the claims from a company that did not even know if was compromised less than a week ago that the UK based GCHQ and USA based NSA are unable to compromise your SIM cards encryption when they have the keys in hand. It has not been a good week for anyone who thinks about security.
"Six days ago Gemalto, the world's largest SIM card manufacturer, was told that back in 2010 it had been ransacked by NSA and GCHQ hackers. Today the company gave itself the all-clear: no encryption keys, used to secure phone calls from eavesdroppers, were stolen, it claims."
Here is some more Tech News from around the web:
- Solidfire offers unlimited SSD wear guarantee, punts software at market @ The Register
- Google updates: Android for Work launches with BlackBerry-backed encryption @ The Inquirer
- MWC: Microsoft tipped to unveil trio of cheap Lumias, but no Snapdragon 810 flagship @ The Inquirer
- Tech ARP 2015 Mega Giveaway
If it was “legal” then
If it was “legal” then nothing was stolen. Don’t you people know how this works yet?
World’s record for fastest
World’s record for fastest security audit? but what about the record for regaining its customers trust, that will take a while to figure out. It’s not hard to guess that the damage is done, good luck fixing that. Nuclear Football launch codes secure is what in needed in the entire Internet/mobile telecom market, these data breach articles are becoming a daily occurrence, so someone better get with the 365, 24/7 enhanced security/privacy ducks, they are definitely not in order, and what Quacks are running the security in the companies, that claim to be in the security business!!!
Supposedly the system
Supposedly the system containing the data was air gapped. It doesn't take that long to figure out if a data storage system could not have possibly been compromised if there was no way it could have been accessed by any sort of hack short of actual physical access. Then it's just a simple physical security audit.