Snowden and Gemalto
Snowden and Gemalto
Posted Oct 12, 2017 7:06 UTC (Thu) by Garak (guest, #99377)Parent article: Strategies for offline PGP key storage
Keycards introduce a new element into the trust chain: you need to trust the keycard manufacturer to not have any hostile code in the key's firmware or hardware.I think its better to have this mindset in general so that you don't even really consider it a new element so much as just another element. But I understand the phrasing given the history of the subject.
In addition, you need to trust that the implementation is correct.Um, yeah. Again, seems to be a stating the obvious kind of thing. But again, due to how the NSA managed to get the entire industry to ignore closed source firmware threat surface for so many years pre-Snowden, I do grok the chosen phrasing here.
Keycards are harder to update: the firmware may be deliberately inaccessible to the host for security reasons or may require special software to manipulate.Perhaps not what is being referenced here, but I'll state the obvious and say that any manufacturer that has any lines of hardware/software source code that are not made available to the user, or closed source tools not made available to the user/ProductOwner, shouldn't be trusted without a healthy amount of skepticism and paranoia. In other words, if the manufacturer is physically able to update some code in the device I 'purchased' (not leased), then I want that ability too or no sale. Here is where all the spooks get to enjoy the fun toys. They get (or have stolen) the ability to maximize the security of the product by having the ability to enhance every enhanceable line of code in the system. Just because you sneak a peak of your spook friend using a particular product, doesn't mean that product would enhance the security of others who paid the same price at the same store for it.
Keycards may be slower than the CPU in performing certain operations because they are small embedded microcontrollers with limited computing power.Yeah, but for these use cases you really don't need that much. So as with the prior string of points, I feel like there isn't quite the right focus here.
One thing I'd focus on is Gemalto and Snowden. When I recall forming opinions about this subject pre-Snowden, I recall Gemalto being within a narrow category of interesting as far as my paranoid concerns go. Thus I took particular notice of the Gemalto substory of the Snowden revelations. I suppose referencing it is what I would have done to bolster the first sentence in the graf I quoted at top. But then again, that's probably why I don't get paid to write for large audiences.
(full disclosure, I did work for Keyhole(aka GoogleEarth) in 2002-2004 which was partly funded by In-Q-Tel/CIA(referenced in wikipedia quote), but in no way related to this beyond general computer competency (typical LWN/Schneier readership awareness of cybersecurity issues)
https://en.wikipedia.org/w/index.php?title=Gemalto&oldid=801546887#Security_breaches
Security breaches
According to documents leaked by Edward Snowden, NSA's and GCHQ's Mobile Handset Exploitation Team[57] infiltrated Gemalto's infrastructure to steal SIM authentication keys, allowing them to secretly monitor mobile communications.[58] GCHQ codenamed the program "DAPINO GAMMA". The secret GCHQ document leaked by Snowden also claimed the ability to manipulate billing records to conceal their own activity and having access to authentication servers to decrypt voice calls and text messages.[58] Snowden stated that "When the NSA and GCHQ compromised the security of potentially billions of phones (3g/4g encryption relies on the shared secret resident on the sim), they not only screwed the manufacturer, they screwed all of us, because the only way to address the security compromise is to recall and replace every SIM sold by Gemalto."[59]
The breach subsequently refueled suspicions against Gemalto chairman Alex J. Mandl, given his role in the CIA venture capital firm In-Q-Tel.[60]
GCHQ and NSA declined to comment on the matter.[61] Gemalto issued a press release on February 25, 2015 saying there were "reasonable grounds to believe that an operation by NSA and GCHQ probably happened," but denying that the government agencies gained access to any authentication keys.[62][63]