Senator for Western Australia Scott Ludlam has sent a letter to Telstra CEO David Thodey expressing concerns about the use of Gemalto SIM cards by the telco following media reports that the company’s SIM card encryption keys were allegedly hacked by United States and United Kingdom intelligence agencies during 2010 and 2011.
Members of the British Government Communications Headquarters (GCHQ) and the American National Security Agency (NSA) reportedly hacked into the computer network of Amsterdam-based SIM card maker Gemalto and took smartphone encryption keys used by customers of a number of mobile phone carriers worldwide.
In his letter, Ludlam asked Thodey to urgently confirm how many Gemalto SIM cards Telstra uses in its network and to what extent the telco believes the security of its customers’ communications has been compromised by the actions of the NSA and GCHQ.
“I request that you confirm how long Telstra has been aware of this security breach and what remediation steps it will undertake, including the recall of any affected SIM cards,” wrote Ludlam.
“I believe that Telstra is in contact with Gemalto on the issue, and I would urge you to take a transparent approach with customers in disclosing the extent of this very serious problem.”
A Telstra spokesperson told Computerworld Australia today that the telco sources SIM cards from multiple suppliers, including Gemalto.
“We’re in contact with Gemalto and they are investigating the claims. We will work with Gemalto to address any issues they might identify,” the spokesperson said.
The spokesperson added that Telstra takes customers' privacy and security “very seriously”.
“SIM card encryption is just one of a multiple ways Telstra secures our network and the communications of our customers.”
Australian Privacy Commissioner Timothy Pilgrim said he is making enquiries with a number of telecommunications providers in relation to the issue.
Follow Hamish Barwick on Twitter: @HamishBarwick
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.