BERLIN — Gemalto NV, the largest maker of mobile-phone cards, said it’s investigating a report that U.S. and U.K. spies allegedly hacked into its computer network to steal the keys used to encrypt conversations, messages and data traffic.
The U.K.’s Government Communications Headquarters and the U.S. National Security Agency started intercepting the encoders in 2010 as they were shipped to phone companies, allowing them to monitor wireless communications and bypass the need to get permission for wiretapping, the Intercept reported Thursday, citing documents from former NSA contractor Edward Snowden.
Gemalto is a particularly valuable holder of the keys as the French company produces 2 billion SIM cards a year, the report says.
“The publication indicates the target was not Gemalto per se — it was an attempt to try and cast the widest net possible to reach as many mobile phones as possible, with the aim to monitor mobile communications without mobile network operators and users consent,” Gemalto said in a press statement Friday, adding it couldn’t immediately verify the findings in the report. In an emailed statement, GCHQ said it couldn’t comment on intelligence matters, citing policy.
The theft of encryption keys would potentially allow U.S. and U.K. agencies to also unlock communications it had recorded but was previously unable to unlock, the Intercept said.
