Comment Re:even more interesting (Score 1) 155
I think that it depends on how the keying is handled, and what role the smartcard plays.
As best I've been able to tell from what articles I've read, the NSA and friends were snarfing the Kis as they were sent from telcos ordering SIMs to Gemalto, where they were burned in. They may have some other program aimed at bugging the silicon or firmware of the smartcard ICs themselves, which would be a different problem; but according to what we know of this attack, it would not affect smartcards that are used to generate their own private key, onboard, or provisioned by the customer, after delivery, just the ones provisioned by Gemalto on behalf of the customer.
That's a very large number of affected units, of course; but (barring disclosure of further nasty tricks) it isn't an attack on the actual function of the smartcard, just on a weak link in the production process for preconfigured smartcards.