According to new documents leaked by Edward Snowden, the NSA and its UK counterpart, Government Communications Headquarters (GCHQ), hacked into the computers of Gemalto, a company that manufactures SIM cards for a large number of carriers around the world. In doing so, the intelligence agencies acquired encryption keys that would allow them to intercept communications from customers of all four major U.S. carriers, along with 450 others around the world.
Snowden, who has been a blowing the whistle on secret NSA surveillance programs since 2013, leaked the documents to The Intercept, which broke the news earlier today:
With these stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments. Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider's network that the communications were intercepted. Bulk key theft additionally enables the intelligence agencies to unlock any previously encrypted communications they had already intercepted, but did not yet have the ability to decrypt.
It's difficult to assess the extent and effects of this breach right now, but it definitely represents a massive blow to mobile security, as The Intercept notes that Gemalto produces 2 billion SIM cards each year — making it highly likely that the SIM in your phone was produced by the company.
For much more on this, check out The Intercept's full report from the source link below.