Australian Privacy Commissioner Timothy Pilgrim is investigating reports about SIM card encryption keys – including those of SIM cards used in Australia – having been allegedly hacked by United States and United Kingdom intelligence agencies during 2010 and 2011.
Members of the British Government Communications HeadQuarters (GCHQ) and the American National Security Agency (NSA) reportedly hacked into the computer network of Amsterdam-based SIM card maker Gemalto and took smartphone encryption keys used by customers of a number of mobile phone carriers worldwide.
In a statement, Gemalto said it was investigating the issue.
“Initial conclusions already indicate that Gemalto SIM products are secure and the company doesn't expect to endure a significant financial prejudice,” the company said.
The <i>Sydney Morning Herald</i> reported this week that Telstra, Optus and Vodafone Australia have sold SIM cards produced by Gemalto.
In a brief statement, Pilgrim said he was “making enquiries” with a number of telecommunications providers in relation to the issue.
A Telstra spokesperson told Computerworld Australia that the telco sources SIM cards from multiple suppliers, including Gemalto.
“We’re in contact with Gemalto and they are investigating the claims. We will work with Gemalto to address any issues they might identify,” the spokesperson said.
The spokesperson added that Telstra takes customers' privacy and security “very seriously”.
“SIM card encryption is just one of a multiple ways Telstra secures our network and the communications of our customers.”
Vodafone Australia has posted a security update on its website about Gemalto.
“There are reports in the media that one of the companies that supplies our SIM cards, Gemalto, was the subject of hacking in 2010 and 2011,” read the update.
“We have no evidence that any Vodafone Australia customers’ SIMs have been compromised. If we do find any evidence that any customer’s SIM card has been compromised, we are committed to being fully transparent and working directly with those customers to replace any SIMs.”
A Vodafone Australia spokesperson said it has no further details of the allegations which are industry-wide in nature and are not focused on any one mobile operator.
“We will support industry bodies and Gemalto in their investigations,” the spokesperson said.
An Optus spokesperson said that it uses a number of SIM card vendors including Gemalto.
"We are aware of the security allegation and are awaiting advice from Gemalto."
Follow Hamish Barwick on Twitter: @HamishBarwick
Follow Computerworld Australia on Twitter: @ComputerworldAU, or take part in the Computerworld conversation on LinkedIn: Computerworld Australia