The advancement in Cellular Technology has now derived itself to a “No SIM” environment, that has picked up as a recent trend. The type of data stored on a SIM Card that is inserted into a Smart Phone, can always be stored in the internal memory of the Handset. Hence, the futile exercise of replacement of SIM or shifting of SIM to a new device, may also entail the migration of the address book, the memory of the SIM being transferred, etc. This now can be a thing of the past with the advent of the Virtual SIM. The concept of ‘Virtual SIM‘ refers to the variations of the different types of e-SIM. This e-SIM is what is built into the Smart Phone abinitio and thus needs to only map to a IMSI number allowing hooking on to a Cellular Service provider with additional security or encryption.
eSIM devices could be highly beneficial from a security perspective and convenience. The ability to store more data in an embedded SIM which is well integrated to the Board of the Smartphone adds to more convenience. The advantage of disabling the SIM will inturn also disable the Handset. The ability to track the device if another eSIM configuration is programmed on it, is also an added advantage. The integration of the IMEI with the IMSI, provides for a robust integration and also augments the ability to hook on to the Cellular service provider with ease.
While eSIM devices could be highly beneficial from a security perspective and convenience. The first problem that needs to be addressed is the transfer of the credentials into a different device. SIM cards are designed to not be easily copied and not to be remotely accessed. This means that, if a user’s phone breaks and they want to transfer their details to a new phone, they only need to physically transfer the SIM, itself. If SIM cards are integrated circuits mounted to the PCB in form factors such as QMLF, then this would not be possible. This could mean that eSIM devices cannot transfer their data which may result in users relying on the cloud to store details such as contacts, messages, and other credentials.
Also, the eSIM devices is that, while they offer security and the ability to be reprogrammed, they cannot be physically removed from the device. This may be potentially problematic for those who wish to not be tracked as phone devices with an active SIM card can easily be tracked by the network. Hence the non-removal of SIM from the Phone will service as a means to track the location, making it that much more difficult to prevent a device from being trackable.
The New Headache for Cyber Experts, LEA and Security Agencies
It is a fairly new modus operandi wherein terrorists across the border are using “Virtual SIM” cards, generated by a service provider from a foreign country. In this technology, the computer generates a telephone number and the user downloads an application of the service provider on their smartphone. The number is linked to social networking sites like WhatsApp, Facebook, Telegram or Twitter. The verification code for activating the service is generated by these networking sites and received on the smartphone. The officials said the numbers used were pre-fixed with a country code or Mobile Station International Subscriber Directory Number (MSISDN) number. This then makes the work of Cyber Experts difficult and also forensics of the devices tedious.
From the technology standpoint, the deployment is very simple as well. It seems likely that eSIMs are the way the mobile device industry is moving. Like the removable batteries of devices past, removable SIM cards are on their way out. While there are benefits for security and design, there are also drawbacks that proponents of the Right to Repair movement and security advocates are apt to dislike. In India, the technology is already in the market, and the change is inevitable. However, the security threat to the new avatar is already in the news. India has already recorded crimes related to Virtual SIM and also those perpetrators who have been able to cheat consumers in Banking Ecosystem. The need is for a fool-proof implementation with higher degree of security.