The World Wide Web Foundation set up by internet inventor Tim Berners-Lee has called for urgent steps to secure newly-revealed vulnerabilities in mobile communications.
The appeal comes in response to reports that UK and US intelligence agencies hacked into Sim card maker Gemalto to steal mobile encryption keys.
The alleged hack would have enabled the spy agencies to monitor a large portion of the world's data and voice communications using mobile devices.
Gemalto’s customers reportedly include AT&T, T-Mobile, Verizon, Sprint and about 450 wireless network providers around the world.
“The news that US and UK spy agencies hacked the network of a Dutch company to steal encryption keys for billions of Sim cards is truly shocking,” said Anne Jellema, chief executive officer of the World Wide Web Foundation.
“Possession of these keys would allow these agencies to access private calls, web browsing records and other online communications without any of the legal safeguards and processes in place to prevent abuses of power.”
Jellema said that if the allegations are true, it is another worrying sign that these agencies think they are above the law.
READ MORE ON MOBILE SECURITY
- Spy agencies’ hacking of mobile encryption keys is no surprise, says security expert
- Gemalto denies knowledge of GCHQ and NSA Sim card hack
- NSA mobile phone network hacking raises security concerns
- How to secure GSM phones against cell phone eavesdropping
- iPhones not a security threat to China, says Apple
- NSA tracks 5 billion phone records daily, Snowden docs show
- Mobiles and POS systems to top cyber hit list, says Verisign
- Black Hat: GSM hacking tools now available
“Apart from a blatant disregard for multiple human rights, this foolish move undermines the security and future of the global mobile payments industry, which is estimated to be worth over $235bn,” she said.
The foundation is also concerned about the impact on countries where internet access is typically mobile-based, and is relied upon to trade and connect.
“It's time for answers,” said Jellema. “The NSA and GCHQ, and the politicians responsible for their oversight, need to provide a full and frank disclosure as to why they hacked a private company, and one headquartered in an ally country.
“We also need to understand how these keys were used, and what judicial oversight and legal framework kept us safe from abuses. Urgent steps must be taken to prevent criminal networks from exploiting these vulnerabilities.”
The World Wide Web Foundation was set up to establish the open web as a global public good and a basic right.
The group campaigns for free access to the internet for everyone, everywhere to communicate, collaborate and innovate.