As you may have seen this morning, the news that Gemalto was hacked in 2010 has spread rapidly. While some may not know who Gemalto is, the hack is certainly a big deal for businesses and consumers alike.
Gemalto is a chip maker specializing in SIM cards and similar payment technology, such as EMV and NFC-enabled chips, manufacturing over two billion chips each year. It was recently brought to light that the company was hacked by the NSA, with the intrusion essentially starting from an employee’s Facebook account.
So what was stolen? Allegedly the hackers stole the encryption keys used to secure SIM cards, meaning the security of billions of SIM cards has been compromised. With these keys the NSA could potentially read SIM card information without going through the proper channels usually required to gain access to the encrypted data.
What does this mean for consumers? Essentially, the NSA has free-range access to cell data any time they want. This applies to call and messaging data, but fortunately for consumers not to their application data. Application data is stored separately on the phone’s hard drive, so if you use a third-party messaging application like WhatsApp to communicate, your messaging data is secure.
How can you protect your data despite the hack? There are a few things you can do to help make sure your data stays secure on the web, and if you follow these steps it’s less likely that your data will be stolen – remember, hackers like easy targets if they’re available.
- Strong password practices – When possible, do not use the same password for multiple sites. If one site is breached, the attacker then has access to every account that shares that password. Using encrypted password management tools like LastPass can help you create and manage multiple strong passwords. Whenever possible, use a combination of random letters, numbers and symbols to minimize risk.
- Multi-factor/two-factor authentication – This adds an additional layer of security on top of your usual username and password. For most sites this feature comes in the form of a one-time password (OTP), which can be sent either to your phone or to your email address. This password is usable for only a short period of time and helps confirm that the person accessing the account is really you. At this point most services, including Gmail, Dropbox, LinkedIn, Twitter and Facebook, allow you to set up multi-factor authentication for your login.
- Secure browsing – Most browsers, including Chrome, allow you to use HTTPS whenever a site supports it. This encrypts your traffic and verifies that the site you are connecting to is the one it claims to be. Some sites will even show you their security certificate so you can confirm you are using the authentic site.
There is, of course, no guarantee that your data will never be taken, but by following these steps you can certainly make it harder for hackers and snooping government organizations to access your data.