Telstra, Optus and Vodafone might be forced to recall millions of mobile phone SIM cards after it was revealed that US and British spy agencies stole encryption keys that secure personal information including calls and texts.
Australia’s three leading telcos confirmed to Fairfax Media that they each sold SIM cards produced by the hacked Dutch company, Gemalto.
Photo: Penny Stephens
It is still uncertain as to whether or not they will issue replacement SIMs to customers affected by the hack. They are awaiting further advice from Gemalto and authorities as they carry out their investigations.
A spokesperson from Telstra has said “Telstra takes customers privacy and security very seriously.”
Telstra, Optus and Vodafone have not disclosed what percentage of SIMs they used were manufactured by Gemalto however it is the largest card manufacturer in the world and Telstra has said it is a “significant” supplier.
There are claims that the British Government Communication Headquarters (GCHQ) hacked into Gemalto’s IT systems to obtain the encryption keys of SIM cards, giving them access to personal content stored on SIMs and even enables them to listen in on phone calls.
“It enables them to bypass wiretapping restrictions, it doesn’t require any special tool, you don’t have to be very sophisticated to go through this decryption.” Linus Information Security Solutions Director, Mike Thompson told Fairfax.
Source: Fairfax Media