Geekzone: technology news, blogs, forums




773 posts

Ultimate Geek
+1 received by user: 176


Topic # 165793 20-Feb-2015 20:26
One person supports this post

Are 2 degrees SIM cards subject to the hacking of cards made by Gemalto?

If so, will 2 degrees be replacing these cards?



24 posts

Geek
+1 received by user: 4


  Reply # 1243401 21-Feb-2015 07:39
2 people support this post

All mobile providers, payment providers are compromised. Gemalto is a major supplier of SIM cards and also NFC tech.

https://www.paymark.co.nz/case-studies/mobile-wallet-trial.html

Unfortunately, because it was the US and UK who perpetrated the hack, this will be swept under the carpet as protecting your freedom and stopping the terrorists.

27266 posts

Uber Geek
+1 received by user: 6692

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  Reply # 1243419 21-Feb-2015 08:41

I'm unsure why people would really share any concern from this - interception of your voice traffic is easy with a warrant and all SMS messages in NZ are logged and stored anyway and can be accessed with a warrant.



 
 
 
 


24 posts

Geek
+1 received by user: 4


  Reply # 1243443 21-Feb-2015 08:57
One person supports this post

The issue is it bypasses the warrant and all communications are gathered.

It is a slippery slope when governments who have the power to prosecute can and do abuse these powers.

You only need look at the recent vindictive prosecutions in the US and UK on journalists and whistleblowers. Not to mention the Dotcom case in NZ.

4717 posts

Uber Geek
+1 received by user: 2201

Trusted
Subscriber

  Reply # 1243455 21-Feb-2015 09:16
7 people support this post

dvkwong: The issue is it bypasses the warrant and all communications are gathered.


But to do so would be illegal, and our secret intelligence services would never unlawfully spy on you. Can you imagine the public outcry if they did? There would be a revolution.




iPad Air + iPhone SE + 2degrees 4tw!

These comments are my own and do not represent the opinions of 2degrees.


24 posts

Geek
+1 received by user: 4


  Reply # 1243462 21-Feb-2015 09:34

NZ just passed a law last year; they do NOT need a warrant for the first 24 hours of surveillance on anybody in NZ. As for NZ data held by overseas spy agencies, that seems to be open season.

The only revolution is to encrypt your data and communications. Your electronic data's privacy should be treated no differently to the physical documents you may have stored at home.


4993 posts

Uber Geek
+1 received by user: 1327

Trusted
Microsoft

  Reply # 1243463 21-Feb-2015 09:38

dvkwong: NZ just passed a law last year; they do NOT need a warrant for the first 24 hours of surveillance on anybody in NZ. As for NZ data held by overseas spy agencies, that seems to be open season.

The only revolution is to encrypt your data and communications. Your electronic data's privacy should be treated no differently to the physical documents you may have stored at home.



smash your phone and shred your SIM card, how do I encrypt my cellular voice calls and SMS?

24 posts

Geek
+1 received by user: 4


  Reply # 1243488 21-Feb-2015 09:59

This link has good information

https://www.eff.org/deeplinks/2013/07/technology-protect-against-mass-surveillance-part-1 

The idea that we are under constant surveillance and anything we say or do may be under scrutiny affects you whether you know it or not.

4717 posts

Uber Geek
+1 received by user: 2201

Trusted
Subscriber

  Reply # 1243592 21-Feb-2015 11:44

nathan:

smash your phone and shred your SIM card, how do I encrypt my cellular voice calls and SMS?


Well, if you've smashed your phone and shredded your SIM, you'll find it difficult to make any cellular calls or SMS. But assuming you haven't done that, you could give Silent Circle a try.




iPad Air + iPhone SE + 2degrees 4tw!

These comments are my own and do not represent the opinions of 2degrees.


4993 posts

Uber Geek
+1 received by user: 1327

Trusted
Microsoft

  Reply # 1243600 21-Feb-2015 12:08
2 people support this post

SaltyNZ:
nathan:

smash your phone and shred your SIM card, how do I encrypt my cellular voice calls and SMS?


Well, if you've smashed your phone and shredded your SIM, you'll find it difficult to make any cellular calls or SMS. But assuming you haven't done that, you could give Silent Circle a try.


:)

probably easier to not use cellular if you are paranoid (!) about that sort of thing

It's kind of impractical for every person you want to call or text to have a paid Silent Circle account too.



773 posts

Ultimate Geek
+1 received by user: 176


  Reply # 1243988 22-Feb-2015 07:54

dvkwong: All mobile providers, payment providers are compromised. Gemalto is a major supplier of SIM cards and also NFC tech.

https://www.paymark.co.nz/case-studies/mobile-wallet-trial.html

Unfortunately, because it was the US and UK who perpetrated the hack, this will be swept under the carpet as protecting your freedom and stopping the terrorists.


No. Only those providers who are using Gemalto SIM cards are compromised.

You would have hoped that a company that is selling security products would have given their staff some guidance to help them fend off the kind of phishing attacks that led to the leaking of keys.

Other SIM card vendors do warn their staff of that sort of attack.


4717 posts

Uber Geek
+1 received by user: 2201

Trusted
Subscriber

  Reply # 1244004 22-Feb-2015 09:15
One person supports this post

jpoc:

No. Only those providers who are using Gemalto SIM cards are compromised.

You would have hoped that a company that is selling security products would have given their staff some guidance to help them fend off the kind of phishing attacks that led to the leaking of keys.

Other SIM card vendors do warn their staff of that sort of attack.



The Semble SIMs are from Gemalto. And I'm pretty sure Gemalto took reasonable precautions too. If you think you'd be safe against the combined might of the NSA and the GCHQ making a determined, targeted attack against you, then you would be unpleasantly surprised. There were the occasional slip-ups -- and those do happen, for a lot of good reasons -- but a lot of it seems to be the so-called good guys MITM-ing or infecting otherwise legitimate sites with advanced malware targeted against specific individuals.

Finally, it's worth noting that SIMs were never designed to be secure in the face of a persistent threat from an adversary with billions of dollars and government backing. They are designed to prevent fraud, and the kind of snooping a normal criminal of the 90s to mid-2000s might employ. The assumption always was that if a government wanted to listen in, they'd ask with a warrant, so attempting to create a security solution impervious to them was never a requirement. Nobody expects the Spanish Inquisition.

Don't misunderstand me: this p***es me off more than I can express, both as a private citizen and as a core team member of a cellular company. But I don't believe for one second that the people responsible are doing anything more than privately crowing that now the whole world knows just how 1337 they are.




iPad Air + iPhone SE + 2degrees 4tw!

These comments are my own and do not represent the opinions of 2degrees.




773 posts

Ultimate Geek
+1 received by user: 176


  Reply # 1244073 22-Feb-2015 11:49

SaltyNZ:
...
If you think you'd be safe against the combined might of the NSA and the GCHQ making a determined, targeted attack against you, then you would be unpleasantly surprised.
...


Oh really, you _know_ this do you?

What I know is that the SIM manufacturer that I used to work for came under sustained phishing, and other social engineering attacks for most of the time that I worked there. The staff and contractors were all given advice about what was going on and what to look out for. Nobody got their keys.


76 posts

Master Geek
+1 received by user: 24


  Reply # 1244075 22-Feb-2015 11:57
2 people support this post

jpoc:

Oh really, you _know_ this do you?

What I know is that the SIM manufacturer that I used to work for came under sustained phishing, and other social engineering attacks for most of the time that I worked there. The staff and contractors were all given advice about what was going on and what to look out for. Nobody got their keys.



... that you know of

4717 posts

Uber Geek
+1 received by user: 2201

Trusted
Subscriber

  Reply # 1244236 22-Feb-2015 16:25

jpoc:
What I know is that the SIM manufacturer that I used to work for ... Nobody got their keys.



These documents date from 2010, showing efforts from at least 2009, and probably earlier. Gemalto are only just finding out they were hacked, from those documents, now. In 2015. They were pwned for at least six years without realising and still would be if Snowden hadn't leaked them. I don't know who you worked for, but if the NSA wanted your keys, they'd have them, and there is nothing you could do to stop them. These are the guys responsible for Flame, Stuxnet, and the Equation Group. 

If New Zealanders are safe from these attacks so far, it's only because this country is small and boring. Not because we have some super-unbeatable security.






iPad Air + iPhone SE + 2degrees 4tw!

These comments are my own and do not represent the opinions of 2degrees.


2476 posts

Uber Geek
+1 received by user: 884

Trusted
Lifetime subscriber

  Reply # 1244313 22-Feb-2015 18:55