By now, it's a familiar story: a secretive intelligence agency targeted law-abiding security professionals in order to break one of the world's most fundamental encryption systems. In this case, it was the GCHQ breaking into Gemalto, one of the world's largest SIM card manufacturers, in order to steal the secret keys (the per-card Ki values) burned into SIMs at manufacture, the keys from which the encryption protecting phone calls between handset and tower is derived. We're still sorting through the wreckage, but it's likely to affect carriers across the world. But while the attack fits the mold of previous Snowden revelations, there are some crucial differences this time around.
What's most shocking is how far the GCHQ will go for a slightly better angle of attack
The Gemalto attack is unique not just for its aggressive scope, but for how little it seems to have actually accomplished. Intelligence agencies were already able to listen in on phone conversations through targeted exploits, stingray attacks and carrier requests. While the Gemalto attack took bold and criminal steps to break through SIM encryption, it seems to have offered only a marginal improvement in that ability. What's most shocking about the revelations is how far the GCHQ will go for a slightly better angle of attack.
Compared to the more sophisticated encryption protecting e-mail or chat, cell conversations have only minimal protection. In part, that's because the SIM system was never meant to stand up to a sophisticated attack. When GSM was deployed in the early '90s, the biggest concern was users trying to steal service. A secret key hidden inside the SIM and shared only with the carrier meant you couldn't clone someone else's phone and make calls on their dime. The same key was also used to derive a short, 64-bit session key for the A5 ciphers that scramble traffic over the air: enough to stop casual eavesdropping, but the handset hardware of the day (and export rules, which produced the deliberately weakened A5/2 variant) kept the ciphers modest.
As a result, researchers were discussing SIM-level attacks long before they heard the name Edward Snowden. In the case of the old GSM (or 2G) system, there are countless problems, including weak encryption algorithms and one-way authentication: the network checks the phone, but the phone never checks the network, which opens users up to interception by fake cell towers known as stingrays. Even the more advanced 3G algorithms aren't up to the standards you'd find on a computer. In 2010, a group of researchers published an attack on KASUMI, the cipher behind 3G's A5/3, that ran in about two hours on a single PC, although it was a related-key attack: it needs encryptions under several related keys, which the 3G protocol itself never hands an eavesdropper, so it does not translate directly into listening to real calls. It's alarming to find SIM protections entirely bypassed, but the protections weren't that strong to begin with.
Researchers cracked 3G encryption with just two hours of computing time on a single PC
Even with the stolen keys in hand, there's a limit to how much the agency could do with them. SIM encryption isn't end-to-end: it only protects traffic between your phone and the cell tower, so the keys are only useful if you're grabbing signals out of the air (or have recorded them earlier). They can't be used for bulk collection from inside carrier networks, and any specific collection is tied to the target's physical location. For the GCHQ to make use of the stolen keys, it would have to put a receiver within radio range of whoever it wants to listen to, pulling that one handset's transmissions out of the mess of wireless cell traffic. That's usually more trouble than it's worth, leading intelligence agencies to get the data from other weak points in the carrier infrastructure, whether it's a direct court order for carrier cooperation or an exploit targeting the phone itself.
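To make the key flow concrete, here is an added Python model (not code from the article, from Gemalto, or from any carrier) of GSM-style SIM authentication and over-the-air ciphering. The A3/A8 and A5 functions are HMAC-SHA256 stand-ins for the real COMP128/MILENAGE and A5/x algorithms; the IMSI, Ki and speech frames are constructed sample values; and the session skips TMSI allocation and other real-world details. Only the flow of secrets is faithful, and that is the point: the RAND challenge is sent in the clear and the ciphering key is a pure function of Ki and RAND, so whoever holds a copy of Ki can read a recorded call passively, but only a call they actually captured.

```python
"""Model of GSM-style SIM authentication and air-interface ciphering.

Added illustration, not production or carrier code. A3/A8 and A5 below are
HMAC-SHA256 stand-ins for COMP128/MILENAGE and A5/x; the constants are
constructed sample values. Only the flow of secrets mirrors the real system.
"""
from __future__ import annotations

import hashlib
import hmac
import os
from typing import Optional

# Constructed sample subscriber: a 128-bit Ki as personalised at manufacture.
SAMPLE_IMSI = "234150000000001"
SAMPLE_KI = bytes.fromhex("0123456789abcdeffedcba9876543210")


def a3_a8(ki: bytes, rand: bytes) -> tuple[bytes, bytes]:
    """Stand-in for the SIM's A3/A8. Returns (SRES, Kc): a 32-bit
    authentication response and a 64-bit ciphering key, as in GSM."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]


def a5_keystream(kc: bytes, frame_number: int, length: int) -> bytes:
    """Stand-in for A5/x: keystream bound to Kc and the TDMA frame number."""
    stream = b""
    block = 0
    while len(stream) < length:
        msg = frame_number.to_bytes(4, "big") + block.to_bytes(4, "big")
        stream += hmac.new(kc, msg, hashlib.sha256).digest()
        block += 1
    return stream[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class AuC:
    """Carrier authentication centre: holds the same Ki per IMSI as the SIM."""

    def __init__(self, subscribers: dict[str, bytes]):
        self.subscribers = subscribers

    def triplet(self, imsi: str) -> tuple[bytes, bytes, bytes]:
        rand = os.urandom(16)  # challenge, later sent over the air in the clear
        sres, kc = a3_a8(self.subscribers[imsi], rand)
        return rand, sres, kc


class SIM:
    def __init__(self, imsi: str, ki: bytes):
        self.imsi, self._ki = imsi, ki  # Ki never leaves the card

    def run_gsm_algorithm(self, rand: bytes) -> tuple[bytes, bytes]:
        return a3_a8(self._ki, rand)


def call_session(sim: SIM, auc: AuC, frames: list[bytes]) -> dict:
    """Authenticate and cipher a call; return what a passive receiver sees."""
    rand, expected_sres, kc_network = auc.triplet(sim.imsi)
    sres, kc_phone = sim.run_gsm_algorithm(rand)
    if sres != expected_sres:
        raise ValueError("authentication failed")
    assert kc_phone == kc_network  # both sides derived the same Kc from Ki
    ciphered = [(n, xor_bytes(f, a5_keystream(kc_phone, n, len(f))))
                for n, f in enumerate(frames)]
    # Visible over the air: identity, RAND, SRES and the ciphered frames.
    return {"imsi": sim.imsi, "rand": rand, "sres": sres, "frames": ciphered}


def passive_decrypt(stolen_keys: dict[str, bytes], capture: dict) -> Optional[list[bytes]]:
    """Attacker holding a stolen Ki database plus a recording of the air
    interface. No fake tower and no carrier help; works on old recordings."""
    ki = stolen_keys.get(capture["imsi"])
    if ki is None:
        return None
    sres, kc = a3_a8(ki, capture["rand"])
    if sres != capture["sres"]:
        return None  # wrong key for this subscriber
    return [xor_bytes(c, a5_keystream(kc, n, len(c))) for n, c in capture["frames"]]


def demo() -> bool:
    """Record one call, then replay it through the attacker's decryptor."""
    auc = AuC({SAMPLE_IMSI: SAMPLE_KI})
    sim = SIM(SAMPLE_IMSI, SAMPLE_KI)
    frames = [b"hello from the handset", b"second speech frame"]
    capture = call_session(sim, auc, frames)
    recovered = passive_decrypt({SAMPLE_IMSI: SAMPLE_KI}, capture)  # stolen Ki
    failed = passive_decrypt({SAMPLE_IMSI: bytes(16)}, capture)     # wrong Ki
    return recovered == frames and failed is None


if __name__ == "__main__":
    print("stolen Ki decrypts recording, wrong Ki does not:", demo())
```

The model also shows the limit the paragraph above describes: `passive_decrypt` needs the full capture, RAND included, so the keys do nothing against a call nobody was within radio range to record.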
As a result, it's hard to see where Gemalto's keys would meaningfully help the GCHQ. If they want to intercept calls in transit, they have a stingray to let them do it. Any data that can't be gotten through a carrier request (which, as NSA leaks have shown, isn't much) can often be cracked without the key anyway, thanks to the relatively weak algorithms in play: precomputed rainbow tables for GSM's A5/1 cipher have been public since 2009. Sure, having the keys ready lets them do it a little bit faster and a little bit more reliably. They don't have to worry as much about carrier participation, and because decryption with the real key is entirely passive, they don't have to worry about the network anomalies a stingray might cause. But it's still a very small upgrade in operational capacity, compared to the huge undertaking it took to break Gemalto's security measures.
Intelligence agencies are unaccountable by design
If that sounds reassuring, it shouldn't. If anything, it's proof of how out of control the GCHQ really is. Gemalto is still investigating the hack, according to a statement this morning, but the fallout from this revelation is likely to be significant. Gemalto partners with some of the largest carriers in the world, and the company's chips are also used in passports and chip-and-pin credit cards, so the damage spans industries, and it will be a long road for any affected company to regain consumer trust. Breaking SIM security was very, very destructive, and based on the technical evidence, it's hard to argue that it saved lives or gathered any information that couldn't have been gathered another way. It was simply a very expensive backup plan.
One can imagine someone balancing these options — a president, say, or a general — and deciding that stealing Gemalto's SIM keys wasn't worth it. One can imagine the same decision for tapping Chancellor Merkel's phone or breaking into Google's private network. In fact, when heads of state have been presented with this option, they've frequently made that decision — but it's rare that they are aware of the programs at all. Instead, the decisions are made in secret, on the assumption they will always be secret. It’s sheer bureaucratic inertia: there's an upside to collecting more data, acquiring more methods, and no downside is ever considered. The agencies are unaccountable by design, and there's no indication that will change any time soon.