That iPhone in your hands? It’s been compromised by the National Security Agency through its SIM card, and government spies can access your phone through a backdoor installed on it without even needing a court order.
Sound scary? It is, and it’s the latest bombshell to be dropped by American whistleblower Edward Snowden.
According to new documents leaked by Snowden to The Intercept, the NSA and its U.K. counterpart, the Government Communications Headquarters, hacked into the network of Gemalto, a Dutch company that manufactures SIMs for all four major U.S. carriers, as well as 450 other carriers worldwide.
While the NSA was inside Gemalto’s mainframe, it stole the encryption keys used to protect every SIM from snooping. The result? Over 2 billion SIM cards are now compromised. The Intercept explains:
With these stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments. Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider’s network that the communications were intercepted. Bulk key theft additionally enables the intelligence agencies to unlock any previously encrypted communications they had already intercepted, but did not yet have the ability to decrypt.
This is a huge violation of privacy for pretty much everyone around the world, and Apple is just as vulnerable as any other device maker to this massive blow to mobile security. Still, the tech community takes its lead from Apple: A public letter from Tim Cook, openly condemning the NSA for this violation of iPhone users’ privacy and security, would certainly be welcome right now.
For more — much more! — about the NSA’s hacking of Gemalto SIMs, check out The Intercept’s full report at the link below. In the meantime, if you’re wondering what you can do to limit your exposure to this hack, send email with Transport Layer Security turned on, make calls through encrypted VoIP apps like FaceTime, and use encrypted messaging apps like iMessage instead of SMS.