In many cases you have specific procedures in place for security-conscious MNOs,... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		nicolas314 on Feb 19, 2015 \| parent \| context \| favorite \| on: The Great SIM Heist: How Spies Stole the Keys to t... In many cases you have specific procedures in place for security-conscious MNOs, but some of these procedures are such a pain that you inevitably end up finding workarounds to get the business going, e.g. email or USB tokens between various people who are not supposed to have those keys. Of course security officers and other officials are not aware of this. Dig through any sales mailbox and you will find CSV files (usually called output files) containing Ki encrypted with simple DES. I let you ask around to learn which DES key is most often used. Disclaimer: this is not specific to Gemalto.

jdbernard on Feb 19, 2015 [–]

Unfortunately that is very possible, and of course I can't speak for other companies. I will say that Gemalto has internal access protection for these and other information.

Of course, there are lots of things I didn't have visibility on and it is possible that I am overly optimistic.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact