In most western countries, SIMs do little else; however, they are full application platforms, allowing stuff like Kenya's mobile payment network https://en.wikipedia.org/wiki/M-Pesa.

For what it's worth, you really don't want to have every network provider negotiate with Samsung for the particular access policy of that network. "Not compatible with your telephone" indeed!

If you have a credit/debit card with a chip, look at the arrangement of the contacts and compare to a SIM card. It's essentially the same standard (ISO 7816) at the lower layers, but with different application-layer protocols on top.

Also, as a matter of being the only device in posession of the subscriber but arguably owned by the telco, I'd definitely prefer it to be a removable piece which communicates over a standard interface. The alternative of embedding it into the handset is far worse from the perspective of lock-in and perhaps security.

the sim card has one important difference. It lives in a device that provides it with 24/7 battery and radio access.

That is really worrisome when you think about. A tiny computer running applications you have no idea/access. powered 24/7. Always with you. With access to battery, network, mic, etc. And the other side of the network that could monitor it's traffic for malicious actions is owned by the very people that could abuse it in the first place.

I'd be far more concerned with the hundreds of microcontrollers running proprietary code.

[network] <-> [phone] <-> [SIM card]

In theory. Not sure how well practise matches this though.

Is it? When you turn on "airplane mode" on a phone, is there a reason for the SIM to still be receiving power at that point?

Easy to test: add a SIM pin, turn on airplane mode and reboot your phone.

the sim has direct access to the radio and other modules, by design. it only needs the actual phone cpu/os for use interface.

if it wants to take the radio out of silent mode it can.

I always presumed "airplane mode" was the specific set of features required by the FAA to enable the phone to do the same thing as a phone that's off, from the perspective of potential interference with a plane's communications.

If the SIM can still enable and use the radio despite "airplane mode" being on, then "airplane mode" is not really "a mode for making your phone safe to stay on while on an airplane."

try this: enable airplane mode and then open any app that has system permission to change gps or Bluetooth or wifi settings. it will enable those radio and the ui will still show the little airplane there.

[1] https://e-estonia.com/component/mobile-id/

[1] https://www.bankid.no/en/

EDIT: Thank you whoever downvoted an honest question that added to the discussion

The Estonian method is described as using a private key present on the SIM card, just like a normal smart card used for authenticating/signing.

Besides, pretty much all banks simply use 2 or 3 factor authentication as an anticompetitive tactic (half the businesses in most countries pay the banks 2-300$ per month just for scheduled download of transactions)

[0] https://www.youtube.com/watch?v=_-nxemBCcmU

My explanation is that it's difficult to change something that literally the entire world uses.

SIM cards are cryptographic hardware tokens. They are much more secure than passwords.

In fact, they do need a password as well on top of the hardware token, that's the 'PIN code' you have to enter when you (re)boot your phone.

I transferred my mobile phone number etc over to a new SIM card the other week and all I needed was name, address, DOB and proof of ID... of course my network didnt have any of these on file yet, so I had to first tell them these details, and then show ID to verify that I was who I had just told them that I should be. Yeah... this is the state of consumer mobile security.

None of this required physical access to the phone, I just had to login to their website, with a username and password, and change my details.

On most networks you can steal someones mobile number with just a few minutes of physical access and a bit of planning.

It means that carriers don't have to maintain "sessions" centrally. The SIM can authenticate you to the base station without the base station having to check back to see if you're logged in elsewhere - vital in reducing the latency of cell changes.

(It also stores various bits of technical information for SMS/MMS routing, and was intended to be a platform for "value added" applications.

Authentication in a telco context is a good thing, the fact that the web doesn't have it enabled a large number of applications to flourish, it also made some other things devilishly hard, or even almost impossible.

Its helpful to understand the history of mobile/wireless I think since the Telecom industry takes acronyms to an insane level. The terminology changes slightly depending on which generation of mobile is being discussed. This is a good breakdown of the evolution of mobile networks. I think its a good starting point:

http://www1.i2r.a-star.edu.sg/~wongtc/EE5406-Network-Archite...

This is a good resource for understanding more recent and relevant mobile architecture. This has a lot more detail:

http://www.slideshare.net/abhishekshringi/gsm-architecture-1...

If you really want to learn mobile and wireless networking, this is unbeatable and very thorough, I highly recommend it, grab a used copy.

https://www.amazon.com/Wireless-Communications-Andreas-F-Mol...

If you just want the 10K view see:

http://www.telecomspace.com/gsm.html

Only on home network, everybody who knows your IMSI and have low level access to phone network can clone your identity in roaming.

The alternatives are worse in usability AND security.

If you don't want your account to be hacked: yes.

(and Even if you did, it would need to be backward-compatible and still support SIM cards)

There is a good deal more to telecoms tech than just the tech side - the standardisation process brings a whole bunch of competitor companies into a room to develop a solution, incrementally over a number of years.

This applies from physical aspects all the way up to higher level concerns like security. It's a fascinating development process.

At the same time I totally trust my sim, it's never been more than 10 meters away from me in the last decade or two, hasn't failed me even once and it would be very hard to get it to cough up its secrets without my cooperation (so rubber hose cryptography would still work).

Contrary to www security the phone system seems - from my perspective - at least to have done a half decent job at integrating 2FA when your average website - 20 years later - is still making up its mind about whether or not that might be a useful thing to add.

What we need is a SIM-type system on the web as well, not to bring the broken web password system elsewhere.

I believe he's contrasting this between a built-in solution. So say Samsung would put a hardwired UICC (SIM) in the phone and ATT say would make Samsung give ATT an "area" (Security Domain" in UICC parlance) to provision. For all intents and purposes it would work the same. If you wantd to switch carriers I'm guessing there would be a 'virtual' switch SIM app or some such.

If you're bored, you can read about it here:

https://www.globalplatform.org

With SIM cards, users can switch to a new phone by just moving the SIM, or switch to a new provider while keeping their phone (assuming its unlocked) by just replacing the SIM.

Prior to SIM cards phones where frequently programmed to be tied to a specific provider.

A pure software solution could work, but requires the network operators to be able to trust the phone manufacturers to secure it well enough to not let end users change things in ways they're not supposed to (e.g. consider a hacker harvesting authentication details from phones). The SIM card is the simple solution.

  - http://www.androidauthority.com/best-dual-sim-android-phones-529470/

I've already taken advantage of it being unlocked by switching carriers (saved some bucks) when I saw the prices on one were now better than what I'd been paying.

> Unlocked phones are still relatively rare in the US so I don't agree with your second point either.

As you point out, where GSM networks are concerned, this observation is mostly specific to the US - swapping phones and swapping SIMs has been a reality in the rest of the world for years.

Instead, the main source of friction is frequency bands. When swapping phones, it's not often an issue when switching between locally distributed phone models, since they are the Asia/international models with more band compatibility. When swapping SIMs domestically, it's not an issue for the same reason. When swapping SIMs internationally, phone service typically works, but if you want high speed data _then_ you check for band compatibility.

I'd say that for most of the world, the reduction in friction is real. It's a pity that the US market is so different.

It's still prevalent here in the UK, although the competition is fierce enough for you to be able to find a vendor that sells a phone unlocked.

Usernames and passwords suck. A lot. We should be striving to get rid of them, not make more places need them.

> Unlocked phones are still relatively rare in the US so I don't agree with your second point either.

That leaves the vast majority of the world market. The US is not even the largest cellphone market any more, and haven't been for a while.

> They also trust the phone manufacturer software as they rigorously test it before it's pushed to it's subs.

Not GSM network operator has no control over what devices are on their network, just what SIMs are on it. They may or may not have control over their own subscribers, but roaming ensures that any random GSM capable device can appear on their network, E.g. I have some Chinese phone that my network operator probably haven't heard about.

> Note that I have actually worked for some major carriers and have been in discussions with VPs discussing this very issue. See my other answer further down the thread.

Unless said VPs were VPs in European carriers or manufacturers ~30 years ago, when the discussions in CELP and later ETSI led to the adoption of SIMs in the GSM standard, that is quite irrelevant.

But I'm glad for it, because the foresight of the designers of GSM to put your private key in a smartcard has absolutely improved consumer choice worldwide. I can buy an unlocked phone, travel to any country, buy a SIM card at the airport and pop it in my phone and the GSM(/UMTS/LTE) standards say it must work.

A software-based system will quickly devolve into a "oh we haven't approved this phone on our network, sorry we won't activate it" and other anti-consumer activities you saw on the ESN-registration-based US CDMA networks.

Hopefully when the GSMA adds eSIM to the standard, they add protections for consumer choice, but in the current corporate climate I fear they won't.

http://www.theverge.com/2016/2/18/11044624/esim-wearable-sma...

It's not the SIM card that is not portable, but the phone that you bought.

The SIM is what separates your identity from the hardware of the phone (which has its own identity called 'IMEI').

A 'software solution' would need a carrier, that carrier IS the SIM.

Another nice benefit of having the SIM device is that it makes it much harder to 'clone' a subscriber ID, something that would regularly happen in the days before the SIM card, note that the SIM was a development that came along with GSM, and that GSM was the first mobile phone standard resistant against cloning. It's one part of the 2FA (something that you have) that gives you access to the phone network (the other being the PIN code (something that you know) required to unlock the SIM).

This presented a usability nightmare back in the days of feature phones, where if you didn't specifically say where to store contacts, it would often default to the phone's storage rather than SIM, or if you breached the number of contacts on a SIM you'd have overspill onto the phone memory (sometimes without realising)

This presented a lot of unnecessary confusion when it came to upgrading devices, or if you damaged your phone.

I must add you can find flip phones cheaper than cost of lightening cables.

No. That ensures you can't send encrypted messages or do encrypted calls.

Also see one of the reasons Signal moved to sending encrypted messages as data and stopped supporting encrypted messages sent as sms.

> SMS and MMS are a security disaster. They leak all possible metadata 100% of the time to thousands of cellular carriers worldwide. It's common to think of SMS/MMS as being "offline" or "peer to peer," but the truth is that SMS/MMS messages are still processed by servers--the servers are just controlled by the telcos. We don't want the state-run telcos in Saudi, Iran, Bahrain, Belarus, China, Egypt, Cuba, USA, etc... to have direct access to the metadata of TextSecure users in those countries or anywhere else.

https://whispersystems.org/blog/goodbye-encrypted-sms/

Now, you could of course argue that they only have themselves to blame.

I'd prefer all this stuff came with physical switches so it can be enabled/disabled in a hack-proof manner.

While not as precise, you can definitively leak your location by scanning for the surrounding cell towers, especially in a city, which usually have hundreds or thousands of them (Manhattan alone has eleven, for example). I used to run a Python script on my Nokia phone that logged the tower ID, and I could reliable tell when I got to work, home, etc.

And that's just for people who control your phone. Your operator has U-TDOA¹, which is typically accurate to 50m.

The camera part is true, but tape is cheap :)

¹ https://en.wikipedia.org/wiki/U-TDOA

It's also not accurate to within enough resolution start targeting advertising and other nuisance information at me even if there was a way to present me that (which there isn't).

I'm well aware of the power of triangulation, I used to go fox hunting.

http://www.homingin.com/

Though European laws are still mostly sane in that regard.

That's really quite a way from "hundreds or thousands".

What's your threat model? https://ssd.eff.org/en/module/introduction-threat-modeling

For most people mass surveillance is a more realistic threat than the NSA hacking their camera.

I don't have any illusions about being able to stay private from the eyes of nation state level adversaries but commercial entities can still be kept out if you try.

The GSMA and members (i.e. telcos) have been working on secure remote provisioning. I think it'll take a while for the technology to make it in to consumer devices, though it's likely to be used in IoT relatively soon.

It takes a long time to spec these things up collaboratively and then even longer for telco's to act on it!

See: http://www.gsma.com/rsp/2016/04/27/esim-opportunity-operator... and http://www.gsma.com/rsp/ (Warning: Lots of marketing BS)

They are selling local data-plans abroad without switching the SIM card by implementing RSP. Calls are coming in 2017, also promising a portable phone number later that year.

See picture of the process here: https://twitter.com/lathiat/status/758979125751054336

Works fantastically and gives me $30/GB data in pretty much any country at often 4G speeds - with a 12 month expiry on the data (does cost $20 a year or something for 'membership' but still, usually costs far more than that for a sim starter pack in every different separate country you go to). Good for frequent travellers!

Obligatory please use my referral link if you signup :-) Bonus 100MB for both me and you. http://www.flexiroamx.com/referYXBBCJ / Code YXBBCJ

Some European operators still have cheaper roaming data plans

In the case of a true eSIM, there is no sim card at all, it's stored on the device it's self with a lower level bootstraping profile (i.e. not an alternative pre-programmed carrier)

Quite a few years ago (2005?) a family member purchased a Samsung-branded dumbphone on a contract. (Monochrome LCD (something like 128x64?), polyphonic ringtones, 3 fixed games, a (really slow, GSM data) WAP browser; that was it. Model SGH-something, I vaguely recall.)

It had no SIM card slot. It was locked to the network (Orange - in Australia FWIW) via software. In order to unlock it we had to call up the telco and go through some process, which we decided not to do in the end (whatever it was, I don't recall), since the phone had less capabilities than the Nokias that flood India and similar places, so we concluded there was no point selling it by the time we dug it out one day and tried to figure out what to do with it. (It's still buried in a box somewhere IIRC.)

I think this is why SIM-less phones are reasonably rare - it's really, really hard to de-contract them, unlock them and put them into sellable (or whatever) condition. Then once you've done that the recipient has to go through some equally arcane process to get the thing linked to a plan/contract too. And considering the ability to pass a phone on is a fairly major selling point - phones aren't solely purchased [preconfigured] on plans, then disposed - I think this was explored somewhat by the industry but ultimately left alone.

Some of the other things I've found in this thread are really interesting, although I wonder how difficult it is to "unconfigure" such a device to sell or pass it on.

I always go for GSM supported phones.

SIMs are smart cards in the exact same way as your NFC-enabled credit card, or other cards, and many systems use the SIM to store payment data actually.

Android Pay could do exactly that, too – but doesn’t, because one US network prevented them from storing that on the SIM, so instead it’s stored in normal memory, which led to safetynet, which led to Android phones being less user-servicable than even Apple devices.

They hate anything that isn't under their control.

There are way too many people in the US who think Verizon is their only option because they haven't tried other providers in a decade.

In 3rd world countries, people regularly swithch their SIMs as they travel across borders because no one has cross-country access. Taking a SIM out only uses up a minute of your time, and standizing on a hardwardware dongle like that is great because if company A goes out of business, you just grab a new SIM and stick it in.

It's a bit harder in the US, where phones are locked to their providers, and you need IDs to buy SIMs but that's really all just a regulation issue, not a technical one.

Broken phone? Pop the SIM card into another phone, and you can immediately make and receive calls & texts on the new phone using your phone number.

If you had no SIM card, how would you authenticate yourself to the cell network (that's what the SIM card does)? Going online and then providing a username/password? This would be horrible security-wise as we all know people are terrible at picking secure unique passwords. So hackers could try to guess your password, then they would use your account, receives your calls & texts, and they could steal your cell data, causing you to receive large cellphone bills, etc. A total nightmare.

No, it is the opposite.

It is exactly done like this so you only need to get the sim card and not need to have the operator decide for you (of course people shoot themselves in the foot by signing a long term contract while getting a locked mobile phone)

As for why you still need them, I see some reasons:

1. The alternative may be worse. At least with SIM cards you can switch operator when you want (if the phone is not carrier locked, bleh), or use a local prepaid SIM when abroad.

2. Inertia. Removing the physical SIM would require getting operators and phone manufacturers to coordinate.

3. The IM card is what securely identifies the owner of a phone number, and makes sure they are not two phones with the same number. With a software SIM, if it is done wrong, you risk getting malware that steals your phone number.

Personally, I think we will eventually see SIM-free data only connections without a phone number. You really should be able to buy an LTE tablet, get online and just pay for some data. Apples has been trying a bit with the Apple SIM, but it is US only, and only works with a few operators.

http://www.apple.com/ipad/apple-sim/

I hear you that it should be doable in software, although I'd argue that if anything you should still need the SIM as a sort of second factor. (Otherwise you run the risk of people stealing your phone account remotely).

without that, i would have to either buy a local phone or deal with how expensive my carrier makes to use internet outside my own country.

Honestly, I wish their use would expand into other areas of our lives -- replacing username and password combinations for various devices (working for an ISP, home routers are one good example).

As much as I'm against the idea of a mandatory "national ID", I'm convinced that it will happen someday (in .us, where I live). When it does, I believe it'll be something similar to US DoD's CAC [1]: a physical identification card that doubles as a smart card. The private keys stored on the card will allow you to prove your identity to your banks/financial institutions, e-mail account (100% encryption of all e-mails? Yes, please!), and so on.

[1]: https://en.wikipedia.org/wiki/Common_Access_Card

Now that I think about, just the encryption itself will increase the computational cost of sending out spam e-mails. While today a spammer can blast out an e-mail to 100 recipients very quickly, it'll take a fair bit longer to do once the spammer has to query and retrieve 100 public keys (one for each of the recipients) and then encrypt the e-mail 100 times over.

As for encrypting the e-mail 100 times. AES acceleration is great in CPU's, and you can cache public keys. The only real-ish bottleneck could be key-generation.

That said, someone else had a decent idea. Require white-listing for encrypted e-mail.

In the U.S., LTE is the first time that CDMA phones have had sim cards, that's ~2 years ago.

The software solution (using IMEI and PUK) is the old technology. It's less secure; verizon and sprint will charge you ~$40 activation fees, etc.

A 100% purely software solution can be built based on white box encryption. It's slower and may be more easily attacked than a hardware protection (you never know if/when some genius mathematician or physician (quantum cryptographic attacks) breaks your encryption. But it has the advantage that it can run on all devices. cf. eg. https://www.trustonic.com/solutions/trustonic-hybrid-protect...

Then of course, there's the problem of key management and distribution thru software. Using a physical token has several good security properties. Replicating them in software (encryption) is difficult and error-prone. For end users, and service provides, it's much easier to swap a SIM card, than to install securely cryptographic keys and authentication tokens into his trusted execution environment even with the help of well written software.

1) One SIMs are a bit harder to tamper with than the OS of a phone which I am assuming would be the alternative to a SIM card i.e storing the same information on NAND flash accessible to the OS. SIMs have some threshold(it used to be 3) of unsuccessful attempts to read the card. A lock is activated and can only be unlocked entering the unlock code.

2) Carriers can talk directly to the SIM - A "SIM" is basically a Java applet that runs on UICC(Universal Integrated Circuit Card - the smart card itself.) I think a lot of people don't know that SIMs run Java - well Java Card. This mean that they can remotely lock a SIM card to prevent it from further accessing their network. If someone stole my phone or even just my SIM card I could call my carrier and they could lock the SIM remotely and consequently unlock it. They can also use the SIM to push new PRLs - preferred roaming lists. This is generally called OTA or over the air provisioning.

3)Convenience, if I use a pre-paid services with an MVNO or travel to another country and buy a pre-paid SIM while on holiday, I don't need to do anything else except insert the new SIM and power on the phone. What would the non-SIM card alternative look like? Its hard to imagine it being easier.

4)Carrier-locked phones, such as what you get when you are under contract to a carrier. The way phones are locked is by having the phone only accept SIMs from the carriers network. An unlocked phone will accept a SIM from any carriers network.

If anyone is interested this DEFCON presentation - "The Secret Life of SIM Cards", is pretty interesting:

https://www.defcon.org/images/defcon-21/dc-21-presentations/...

If I recall correctly german ISPs are trying to find a solution there by embedding the SIM into the device and then branding it on changing provider.

The problems SIM cards are (trying) solve is largely to "secure" the phone network. This mostly boils down who to send the large bill when shit goes fan. (The mobile network is pretty much non-secure, which is why SMS-2FA is not a good solution at all)

(They're also technically a backdoor for your ISP to do whatever they want)

Anyway, the reason SIM cards haven't died yet is probably because there is not much reason to replace them. They're tiny (so Apple doesn't kill it for half a millimeter of thickness) and pretty useful for the ISP to setup certificates and connection details.

I am struggling to see the point of embedded SIMs as it defeats the purpose of a SIM card in the first place; that of being portable and transient, of being able to hot swap your phone number to different devices.

It lets you virtually subscribe to a network, so for example if you're traveling, you don't need a local card just pop up some software and choose a new network.

Apple already has some devices that implement it, AFAIK, the iPad Pros use this. Apple calls it Apple SIM (https://techcrunch.com/2016/03/23/explainer-alert-heres-what...)

Apple have begun a limited initiative towards just that: http://www.apple.com/ipad/apple-sim/

Telephone and internet connectivity should really be like electric supply and other utilities. We should be able to connect wherever we are and pay as-we-go through our device.

As an interesting aside, here's look at just how complex SIMs are: https://news.ycombinator.com/item?id=12674846

They are practically equal to the computers we were using 30 years ago!

Why would I want a SIM card with one IMSI on it when I can have a SIM card with up to 20 IMSIs from various networks all around the world, or even better the ability to constantly swap and trade IMSIs from various networks, new connectivity set everyday. A global community calls for global connectivity.

I don't understand how you came to this conclusion.

I move between networks very regularly due to frequent travel to different countries. Pulling out your old sim card and putting in a new sim takes maybe 2 minutes. You are then immediately off your old network and on the new network. Once you have the sim in your possession you don't need to talk to anyone, fill in any details, log into anything or even remember anything.

Short of some process that is 100% automatic I can't imagine a more low friction process.

I think he's contrasting this with soft-SIMs, where there's no physical sim to switch (maybe an app, provided by the manufacturer) and theoretically no cash required.

1) Security: telco laws these days often require registration of accounts to your personal ID (i.e. no anonymous usage any more). How would a pure soft-SIM be able to fetch the data from the network?

2) Flexibility: SIM is pretty much standardized. This means a newcomer MVNO just has to issue SIM cards and the customer can use any kind of phone (or other interface, like a modem, a 2G/3G shield, ...) to use the network. And if a device breaks, then the SIM card usually stays intact and can be placed in a new device. Not sure how to securely do this with a soft-SIM.

It also is a classic telco hedge.

Step 1) We need towers to make this thing work. Let's build towers.

Step 2) These towers are super expensive and make the expense amortization complicated. Let's sell the towers and then lease from the buyer.

Step 3) oh crap. There is no encryption and people are cloning handsets. Let's use SIM cards to separate sensitive operations from the rest of the device.

Step 4) manufacturing sims is complicated. Let's buy sims from other suppliers and make them sign off on unlimited liability clauses if their identity solution is compromised.

It is all about two things: Preventing a single player from having too much power on the ecosystem and transferring financial risk. There is no evil plan. It's all rather mundane.

Same with switching devices and keeping a provider. Using a SIM, takes about a minute. Not using a SIM? Call them or whatever, maybe pay a fee.

It amuses me that these slim-SIMs, and SIM cards in general, are one of the few pieces of technology that are utterly opaque to the user and yet are so widespread.

Edit: For example, I recently upgraded to an iPhone 7, at the Apple store. This required a new SIM card, but the salesperson was very careful to return the old SIM card to me. Why? What am I supposed to do with this old SIM card?

Here I am, asking myself why smartcards aren't so hot in modern 'hacker' community...

Also see a company called SIMless.

There's a lot of market momentum around SIM cards and it keeps a telco's offering really sticky. It is more effort for people to swap hardware instead of software.

I'd love to see evidence of this. Switching SIMs is something non-technical users do regularly.

For IoT cellular the logic is it's more effort to recall a device and swap a SIM card than to reprovision the SIM profile via a software dashboard.

I'm sure we could put our minds together to come up with a robust user study. Thoughts?

It's not swapping the SIMs that provides friction when changing providers.

> For IoT cellular the logic is it's more effort to recall a device and swap a SIM card than to reprovision the SIM profile via a software dashboard.

If you can reprovision it remotely, you're one flaw away from a hacker being able to reprovision it. Meanwhile, the SIM design means there's little reason you'd need to recall it rather than simply send out new SIMs and have users swap them in.

Each SIM has a unique ID that is used to track/bill/identify your phone.

To be more precise, the SIM is actually a crypto CPU that stores a private key, and can perform crypto using that private key on behalf of the phone, without betraying the key itself.

This is also how Chip-and-PIN debit/credit cards are designed to work (so that a rogue terminal/skimmer can't just clone the card number), although there are various real-world implementation flaws with most of those.

A software solution would quickly devolve into the US CDMA system where you have to get a whole new phone to change providers.

[0]: http://en.miui.com/thread-146080-1-1.html

https://www.knowroaming.com/softsim/

KnowRoaming is a Canadian MVNO which now owns a full American MNO located out of Nevada and licensed out of Missouri for spectrum.