On Thursday, 19 February 2015 16:47:25 grarpamp wrote:
On Thu, Feb 19, 2015 at 3:50 PM, Jeffrey Walton <noloader@gmail.com> wrote:
https://firstlook.org/theintercept/2015/02/19/great-sim-heist/
In case anybody missed it:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
In order for the cards to work and for the phones’ communications to be secure, Gemalto also needs to provide the mobile company with a file containing the encryption keys for each of the new SIM cards. These master key files could be shipped via FedEx, DHL, UPS or another snail mail provider. More commonly, they could be sent via email or through File Transfer Protocol, FTP, a method of sending files over the Internet.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Wait, does that mean master keys were being sent in cleartext via open Internet? Yes. Yes it does.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The document noted that many SIM card manufacturers transferred the encryption keys to wireless network providers “by email or FTP with simple encryption methods that can be broken … or occasionally with no encryption at all.” To get bulk access to encryption keys, all the NSA or GCHQ needed to do was intercept emails or file transfers as they were sent over the Internet — something both agencies already do millions of times per day. A footnote in the 2010 document observed that the use of “strong encryption products … is becoming increasingly common” in transferring the keys.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

--
Regards,
Michał "rysiek" Woźniak

Changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147