Risky Business #355 -- Gemalto op exposes cellphone crypto flaws

P1 Security (and Qualys) founder Philippe Langlois talks SIM key haxx...
26 Feb 2015 » Risky Business

On this week's show we're speaking with Philippe Langlois. You may remember him as the founder of Qualys in the 90s, but these days he's the CEO and founder of P1 Security, a telecommunications security firm. He'll be joining us to discuss the NSA and GCHQ operation against SIM card manufacturer Gemalto.

Last week The Intercept reported on some Snowden dox that said NSA and GCHQ were basically scooping up SIM card private keys from anywhere they could, including from within Gemalto's network. Because cellphone encryption schemes are symmetric, this is bad. It's very, very bad. We'll talk to Philippe about that.

This week's show is sponsored by Palo Alto Networks, big thanks to them. PAN CSO Rick Howard will be along in this week's sponsor interview to talk about one of his passion projects, the Cybersecurity Canon. It's basically his book club idea that PAN is now sponsoring and it's got a LOT of potential. Find out how you can get involved in this week's sponsor interview, with big thanks to Palo Alto Networks.

Don't forget you can now support the Risky Business page via our Patreon campaign. Oh, and do add Patrick and Adam on Twitter if that's your thing.

Show notes

The Great SIM Heist: How Spies Stole the Keys to the Encryption Castle

PCS Harvesting at Scale - The Intercept

Gemalto Doesn't Know What It Doesn't Know - The Intercept

Lenovo Superfish Certificate Password Cracked | Threatpost | The first stop for security news

Lenovo PCs ship with man-in-the-middle adware that breaks HTTPS connections [Updated] | Ars Technica

How to remove the Superfish malware: What Lenovo doesn't tell you | Ars Technica

Get your Snort rules here: SuperFish Detection - SquareLemon

Support Risky Business on Patreon:

Security software found using Superfish-style code, as attacks get simpler | Ars Technica

Here's how the clash between the NSA Director and a senior Yahoo executive went down. - The Washington Post

Spies Can Track You Just by Watching Your Phone's Power Use | WIRED

LenoLOL! 'Lizard Squad HACKS lenovo.com' • The Register

TrueCrypt Audit Cryptanalysis Handed Off to NCC Group | Threatpost | The first stop for security news

Moxie Marlinspike >> Blog >> GPG And Me

Hackers Cut in Line at the Burning Man Ticket Sale-And Get Caught | WIRED

How Hackers Abused Tor To Rob Blockchain, Steal Bitcoin, Target Private Email And Get Away With It - Forbes

Hacker Claims Feds Hit Him With 44 Felonies When He Refused to Be an FBI Spy | WIRED

Accused British hacker, wanted for crimes in US, won't give up crypto keys | Ars Technica

LinkedIn premium users to get $1 each in password-leak settlement | Ars Technica

FBI: $3M Bounty for ZeuS Trojan Author - Krebs on Security

Europol cracks down on botnet infecting 3.2 million computers | Ars Technica

Snowden's favourite Linux - Tails - rushes sec-fix version to market • The Register

Cybersecurity Canon

P1 Security

The Shins - Phantom Limb [OFFICIAL VIDEO] - YouTube