Gemalto Takes The Lenovo Approach: Denies Any Real Risk From NSA Hacking Its Encryption Keys

from the nothing-to-see-here... dept

Apparently, execs at Gemalto went to the same crisis management training program as the top execs at Lenovo. As you probably recall, last week The Intercept revealed that the NSA and GCHQ had hacked into the systems at Gemalto, the world's largest maker of SIM cards for mobile phones, in order to get access to their encryption keys. This is a pretty massive security breach, allowing these intelligence agencies to decrypt calls that people thought were encrypted. But Gemalto insists its SIM cards are perfectly secure:
“Initial conclusions already indicate that Gemalto SIM products (as well as banking cards, passports and other products and platforms) are secure and the Company doesn’t expect to endure a significant financial prejudice.”
This sounds an awful lot like Lenovo's initial reaction to the reports about the Superfish/Komodia vulnerability it shoved onto many of its customers' computers, saying (totally incorrectly):
We have thoroughly investigated this technology and do not find any evidence to substantiate security concerns.
Lenovo, at least, pretty quickly changed its tune and admitted to it being a major problem. Of course, there are some differences here. With Lenovo, the company had made the choice to include Superfish -- whereas the Gemalto hacking was done (obviously) without the company's knowledge. You'd hope that the company would be much more upfront about the seriousness of the issue, rather than insisting that everything is just fine and dandy.

Of course, it's that last phrase -- about not having to "endure a significant financial prejudice" -- that shows what's really going on. Gemalto's stock price took a huge hit, and the company is trying to assure investors that everything is okay -- not necessarily its customers. See if you can tell when the news about this came out.
So now the question is, which is more important to Gemalto? Keeping its stock price up or its users secure?

Filed Under: gchq, hacking, nsa, risk, sim cards
Companies: gemalto

Reader Comments

  1. New Boss, 24 Feb 2015 @ 5:50pm

    Stage One - Denial?

    Seems like they are in stage one of grief, DENIAL. In the days that follow:
    ANGER - Upon thorough security assessment, how dare they! EU protect us!
    BARGAINING - international spy agencies, please don't. We know, "Eye of Sauron" and all but this is really cramping our business style. Promise you won't make us look bad. Promise you won't do it again.
    DEPRESSION - they totally owned us, Sony 2.0, shit, shit, shit... Who will get fired? Our stock price, oh, our stock price.
    ACCEPTANCE - This is going to happen. Hey, remaining customers, I'll sell you new gear with new technology buzz words like "Perfect Forward Secrecy", and SOME "open source". Psst, hey super secret spy agency, we will sell you technology too. Sure you could break in and get it yourself, but we are wise to you now, and invested in some better locks, save some time and just buy it from us instead. Telecom network upgrade fees $$, good PR from secure technology, check, and dual $$ revenue stream for every product shipped.
