LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

What is the threat of attacks against the secret key (K) in LTE, and how is it mitigated?

Attackers may steal the pre-shared key K from the carrier's HSS/AuC or obtain it from the UICC manufacturer — card manufacturers may keep a database of these keys on their internal network. Mitigations: physical security at the UICC manufacturer and network security at the carrier.

K can be stolen from the SIM factory's key database or the carrier's HSS/AuC.

* Two theft points for the root key K — the SIM factory's key database and the carrier's HSS/AuC; with K, no cipher needs breaking. *

The threat:

  • The secret key K is the root of all LTE air-interface security (it's the LTE successor of GSM's Ki)
  • Attackers may be able to steal K from the carrier's HSS/AuC, or
  • Obtain it from the UICC (SIM card) manufacturer — because card manufacturers may keep a database of these keys within their internal network (the keys are written into the cards during production)

The mitigations:

  • Physical security measures from the UICC manufacturer
  • Network security measures from the carrier

The real-world echo — the Gemalto/"Great SIM Heist": this exact threat materialized when intelligence agencies were reported to have stolen SIM encryption keys from a major card manufacturer's network. If you steal the key database, you don't need to break any cipher — you can decrypt traffic and clone SIMs at will.

The architectural lesson: the strongest crypto is irrelevant if the key is copied at the factory or sitting in a breachable database. The supply chain of the key is part of the attack surface.

Go deeper:

From Quiz: MOBINFSEC / LTE Attack Vectors (NIST) | Updated: Jul 05, 2026