Embedded SIM Design Means No More Swapping Cards 192
judgecorp writes "A new remotely-programmable embedded SIM design from the GSMA operators' group means that devices can be operated on the Internet of things and won't have to be opened up to have their SIM card changed if they move to a different operator. The design could speed up embedded applications."
why? (Score:5, Insightful)
why is this needed?
Re:why? (Score:5, Funny)
Because nano-sim is too big for Apple users because it's still bigger than their penises.
Re: (Score:2)
I know he was trolling, but he never said it was too heavy...
Re:why? (Score:5, Interesting)
Re:why? (Score:5, Insightful)
"I'd say it is not needed. Because anything described as "remotely programmable" means "remotely abuse-able". Botnet operators will love it."
My thoughts exactly.
If I buy a phone, I want it to be MY phone. I don't want or need "remotely programmable" bullshit. I am so tired of this kind of garbage I can hardly put it into words.
Re: (Score:3)
Or an online watch, where there are advantages to having it sealed up, with no SIM slot. Heck even with a 'phone' it's useful. Imagine you arrive in Hong Kong at midnight and you want to move your phone to Vodaphone.
Re:why? (Score:4, Insightful)
Did you even RTFA? This is for the 'internet of things' - Imagine you want to move the anti-theft system in your motorcycle from carrier A to B. Or a city wants to move their digital parking meters to a cheaper carrier. Instead of needing to move a physical SIM you could do is online. Or an online watch, where there are advantages to having it sealed up, with no SIM slot. Heck even with a 'phone' it's useful. Imagine you arrive in Hong Kong at midnight and you want to move your phone to Vodaphone. You don't have to seek out some store and buy a SIM - Just happens presto.
Imagine all of those scenarios except the person/entity making the changes isn't the owner.
Re: why? (Score:2)
You mean like with current GSM setups? If the operator doesn't like you they can just zap your IMEI or any other identifiers.
Re: (Score:2)
Re:why? (Score:5, Insightful)
Heck even with a 'phone' it's useful. Imagine you arrive in Hong Kong at midnight and you want to move your phone to Vodaphone. You don't have to seek out some store and buy a SIM - Just happens presto.
When I travel with my phone, I don't even want to turn it on before I put in a new SIM for the local system. Turn it on, it registers with the local carrier and your home carrier starts forwarding calls to it -- at international rates.
I certainly don't want "presto" reprogramming my SIM. I don't want to have to call my home carrier to tell them to move it to X, and then X to have them move it back, and have one or both of them charge me for the privilege of screwing it up so I have no working phone at all. No thanks. That's one of the benefits of having GSM versus whatever. The phone is the SIM, and I can carry more than one to be more than one thing. And I can use the second SIM in my backup phone without it costing me a second plan on both carriers.
Re:why? (Score:4, Insightful)
It's YOUR phone. You should be able to do anything you want with it, and use it with any carrier of your choice. I see no justifiable reason why "someone else" should have control over ANY kind of "remote" control over it.
As I wrote to someone else: that's trading freedom for a little bit of convenience. In the long run, that will turn out to be a bad trade almost every time.
Re: (Score:2)
Re:why? (Score:5, Insightful)
Doing things online to physical devices is usually slower, less efficient, and less intuitive.
Re: (Score:2)
Further, why would you want your "internet of things" to operate via telephone towers and telephone carriers?
What else would your motorcycle use? Parking meters? Your burglar / fire alarm? Telemetry at a natural gas junction? Traffic sensors? The wrist band to track granny when she has Alzheimer's? The "Next Bus" sigh at your local bus stop?
...and that's off the top of my head in 30 seconds. I'm sure there are many more.
Look out the window...
Re: (Score:2)
What, like all modern smartphones?
Re: (Score:3)
Carriers will love it too, since they'll once again make the device owner beholden to them for the "magic keys".
Re:why? (Score:5, Interesting)
waterproof phones? My Motorola Defy is good and all, but those rubber plugs and the seal around the battery cover can only take 1M of water pressure.
Re: (Score:2)
the rubber isn't there to protect the sim card... unless they permanently embed the battery, you're still in the same boat.
Re: (Score:3)
I think the issue occurs when one is out of the boat here.. In the boat is fine.
Re: (Score:2)
But what if he's in one of those boats that go under water? You know, what do you call them? Sunk. That's it.
Re: (Score:2)
I think you'd have bigger problems unless your emergency plan is to use your mobile to call for help.
Re: (Score:2)
Well, maybe post to Twitter
Re: (Score:2)
Exactly how many bars of service do you get under any significant depth of water? How garbled is the voice stream?
Randomly googling, check out the third response:
http://www.scubaboard.com/forums/archive/index.php/t-290525.html [scubaboard.com]
Re: (Score:2)
Yeah but if you're still in the same boat then you're on water and still need a waterproof phone, so you're back to square one.
Re: (Score:2)
The rubber plugs are for the USB and headphone sockets.
When was the last time you saw an iPhone with a MicroSD card slot or replaceable battery?
If there was no MicroSD card, SIM card and no replaceable battery, there would be no need for the removable back cover, that tends to fall off every now and then after two years of use.
Head phones can be replaced with bluetooth, charging can be done wirelessly, plugs can be made water proof.
The mic, speaker and vol/power buttons are already waterproof.
Re: (Score:2)
Re: (Score:2)
That much water would block the signal anyway, what's the point of bringing a phone underwater?
Re: (Score:2)
To take cruddy underwater pictures?
I always thought that the main benefit of waterproof phones is not to enable underwater use, but to protect against accidental plunges.
Re: (Score:2)
The thing is, everyone makes their phones as thin and dense as possible. Which means they sink like a stone. A couple months ago, I watched a person pull a stocking hat out of his coat pocket ... the same pocket his iPhone was in ... a fraction of a second later, there's a sickening little splash sound and a short time after that, the realization that his phone had become lodged in marina muck under 15 ft of saltwater. Unless the phone floats, accidental plunges only protects against toilets and mud pudd
Re: (Score:2)
So if it gets wet it doesn't stop working.
Re: (Score:2)
waterproof phones? My Motorola Defy is good and all, but those rubber plugs and the seal around the battery cover can only take 1M of water pressure.
Oh yeah? Well mine can take 55.56 M of water concentration. I'm not sure about the pressure/depth though...
Re: (Score:2)
Well one reason I would like this is that the nano SIMs in a lot of current phones are simply too tiny to easily change while on a plane. I travel for work to several different countries and have a local SIM for each. Trying to manipulate and swap out those tiny SIMs while cramped up into an aeroplane seat sucks.
I could wait until I arrive I suppose, but it's something useful to do while you have dead time on the plane, plus there usually isn't a good place to do it when you arrive and are herded into the i
Re:why? (Score:5, Insightful)
so you think it will be easier and more painless to have to call your provider each time you want to switch to activate it?
i'll take fidgeting with a small sim card over dealing with a call center
Re:why? (Score:5, Insightful)
Not only that, but imagine what happens when they refuse to assist you in switching?
When you have a physical sim you can swap it yourself. You have no such choice if you don't have control over the sim.
This is actually a very large loss to phone users unless you can reprogram it yourself.
Re: (Score:2)
You can't fiddle with your cell phone on a plane anyway. You could cause it to crash.
Re:why? (Score:5, Funny)
Re:why? (Score:5, Insightful)
Not only why? But I don't want it. This seems like a huge step backwards for consumers. One of the great things
about GSM vs CDMA is the ability to move a phone from carrier to carrier or a number from phone to phone. I don't
want an embedded sim that only the carrier can change and I can't swap to a different handset or carrier. Some
things I routinely do are swap a sim when in a foreign country or put my sim into an old cheap phone when I take
it to the beach or if my phone is acting up, dies, or needs to be charged.
Re: (Score:3)
Not only why? But I don't want it. This seems like a huge step backwards for consumers. One of the great things
about GSM vs CDMA is the ability to move a phone from carrier to carrier or a number from phone to phone. I don't
want an embedded sim that only the carrier can change and I can't swap to a different handset or carrier. Some
things I routinely do are swap a sim when in a foreign country or put my sim into an old cheap phone when I take
it to the beach or if my phone is acting up, dies, or needs to be charged.
Good thing it isn't intended for consumers, then. Look, I know this is Slashdot and it isn't cool to RTFA, but, really, from TFA:
Despite the convenience of over-the-air management, the GSMA says the embedded design is not meant to replace conventional SIM cards, even though this exact idea was floated when ETSI was deciding on the future of the nano-SIM in 2012.
Re:why? (Score:4, Insightful)
And FISA wasn't "intended" to allow the NSA to spy on Americans. But you can see how that worked out!
Re: (Score:2)
" I don't want an embedded sim that only the carrier can change ..."
They wish.
Re:why? (Score:4, Insightful)
So that you have to replace your entire phone if you have a bad sim.
I'm not sure how that's a good thing, but I'm guessing the carriers didn't think about that.
Re: (Score:2, Informative)
RTFA. They're not talking about phones; they're talking about assorted Internet-of-Things devices--how your toaster and your microwave talk to your Roomba.
Do you want your smart electric meter to stop talking to your electric company because they're switching network standards and don't have time to send a technician to change SIM chips in every meter in the city? With this, your meter can be reprogrammed to connect to an updated network without a service call to your house.
Of course, if someone hacks the
Re: (Score:2)
I'm not convinced of that. Swapping a sim is something I can do myself quickly and easilly/. ill I be able to reprogram these myself or will I have to call up one or possiblly both of the carriers involved and ask them to do it? how long will that take? hours? days? will scummy "virtual carriers" be able to "hijack" devices and bring them onto their "network" without the owners permission? will it be reasonablly possible to transfer a device between carriers in different countries?
What could possibly go wrong. (Score:4, Interesting)
Compared to a hard wired chip, we got something controlled by software. And a lot of Devices that likes to be jail braked.
Re: (Score:2)
The point is that in many places it is not legal to put in a phone "in jail" in the first place. So if they want to get rid of physical SIM card they need a non-physical way of changing the phone to a different provider on the fly.
Sounds good in theory... (Score:5, Insightful)
Re: (Score:2)
Re: (Score:2)
I'd like it as if it was just:
Settings > Networks:
Set phone network to use.
Set phone number to use (identity on the network).
Set passphrase to use (probably a key given by the network, like PUK code).
Connect to network.
Ooooo OAuth2 like would be interdasting.
Re: (Score:2)
It's a bit more complicated than that since all the carriers in the US use wildly different frequency bands. I've got a Lenovo S750 (waterproof and all that) thatI love, but can't get over 2G speeds due to all the spectrum issues in the US. Also, it has TWO sim cards so I can be on multiple networks at once. Lucky for me I'm usually in range of wifi so its not really a problem. Streaming pandora while I drive down the road is about the only thing I miss, and I didnt do that much anyway.
Re: (Score:2)
And I thought phones these days were packed with multi-frequency band capabilities to allow that crap.
Or at least to make it cheaper for device manufacturer by selling one phone capable for all networks. But hey, I don't know the US mobile landscape.
Re: (Score:2)
OAuth2 like would be interdasting.
Would it? Well, OAuth's lead designer politely disagrees [hueniverse.com]
Re: (Score:2)
Sounds good in theory, just so long as the "remote provisioning" can be handled by the user of the device, and the user doesn't have to ask permission from anyone.
Don't be silly, it is precisely that capability which the carriers want to eliminate.
There is nothing wrong with SIMs. You know when you change out your sim card that your ties with the prior carrier are interrupted. Who knows what information this scheme will provide to your prior carrier, or government monitors.
This seems more likely to provide protection for Government wire tapping than any benefit to the user.
Re: (Score:2)
Don't be silly, it is precisely that capability which the carriers want to eliminate.
Yeah, if *you're* not controlling the access to the SIM module, then *somebody else* is. If anybody can think of a secure way to make this happen without the user losing control, please leave a comment.
Happy trails (Score:2)
Re: (Score:2)
Neat, an audit trail that follows you, forever.
A wiretap that follows you around as well.
Re: (Score:2)
There already is one.
The phone already has a unique ID as well (that you aren't supposed to be able to change, and in some countries is illegal to do so because its used to black list stolen phones), called the IMEI number. The SIM card has an IMSI number.
It also means no user SIM swapping (Score:2)
This also means that users can no longer swap the SIM card to move a device between carriers (e.g. putting in a local SIM when traveling). I doubt that the carriers are going to make this easily changed by users, since it means less lock-in.
Re: (Score:2)
Internet of Things (Score:5, Insightful)
Re: (Score:3)
cloud was inevitable; every network diagram I've ever seen always represented the internet as a "cloud".
I've always thought it was perfectly approrpriate too. Its a relatively opaque morphous network outside of your direct control, there's "stuff" in it, you can connect to but you don't really know what or where it is.
And cloud storage and cloud compute etc is literally moving those servers on those diagrams INTO the cloud. :)
So cloud doesn't bug me as a term at all. As a trend it offends me greatly, since
Re: (Score:2)
There were no "things" on the internet until recently, there were only computers.
Re: (Score:2)
There are a lot of things that I can imagine that wouldn't be described as computers, but could be on the internet. Home security systems. Garage door openers. TVs (okay, that one is arguable). Washing machines, driers, ovens... any number of things that, w/ an embedded kit, could be remotely addressable and controlled from outside. Like you're on the road when your spouse calls you, telling you that s/he is stuck outside. Or you've left home, but remember after 10 minutes that you forgot to turn off
Re: (Score:2)
Yes, I totally want my oven and doors controllable over the Internet.
Totally.
Absolutely.
It makes so much sense.
I mean, what could possibly go wrong?
Security Nightmare (Score:2)
I can see the utility, but this seems like a security issue. Isn't one of the purposes of the SIM to provide a physical identity chip? Why does it need to be programmable? Shouldn't you just say 'this SIM now has access to this network'?
I probably just don't understand the function of a SIM card well enough to get the significance of this. Can someone clarify? I am not 5, FYI, and I can understand multi-syllabic words.
Cloning a phone just got easier... (Score:3)
What could possibly go wrong? (Score:5, Insightful)
I view this as bad for a number of reasons:
1. Normally, when you have service, it's attached to the SIM, not the phone. With this new embedded SIM model, this goes away. Your service is attached to the phone. Bad.
2. Remotely programmable means that it will be even easier for hackers to fuck with your phone. Bad.
3. Your phone is really no longer your phone. The carrier will have ultimate jurisdiction over the phone, unless you pull the battery. Bad.
4. If I lose or seriously damage my phone, my SIM is gone, and I HAVE to buy a new phone and activate it again. Bad.
I won't want a phone like this if this is how the carriers want to do business. I'll keep my removable SIM card thank you very much.
Re: (Score:3)
You hit the nail on the head. With CDMA providers, unless you buy the device from them, AFAIK, they won't allow it on the network. With GSM providers, if you had an unlocked device with the proper antenna bands, it would work without issue, and just swapping the SIM did the job. No calling up and pleading for permission to use the device, just a card swap and perhaps a power cycle.
A simless device gets us back to the bad old days. With those, I have to beg/plead with the telco in order to have a device
Re: (Score:2)
Yup. I will never be a customer for a phone that doesn't let me use the SIM of my own choosing.
Re: (Score:2)
And what will you do? The majority of people are only brain dead and arrogant meat, which calls people like you tin foil lunatics, and buys those phones if it thinks it can save a fraction of a cent. Given enough buyers, piece by piece SIM card phones will vanish. Even if you stockpile a few phones, what if the carriers won't support them anymore? Stop using cell phones at all?
Re: (Score:2)
1. Normally, when you have service, it's attached to the SIM, not the phone. With this new embedded SIM model, this goes away. Your service is attached to the phone. Bad.
It's not even for phones - maybe some day, but not yet.
Who, exactly, gets to send over the air updates? (Score:5, Informative)
To fix this issue, the GSMA has developed a non-removable SIM that can be embedded in a device for the duration of its life, and remotely assigned to a network. This information can be subsequently modified over-the-air, as many times as necessary.
What this seems to do is take control away from the user, who could swap SIM cards, and give it to some carrier. This looks like something where you beg and plead with your old carrier to let you switch your device to a new carrier. There's a lot of elaborate key management in this system, and compromise of certain keys could break the whole system.
Spec for the system architecture. [gsma.com]
Re: (Score:2)
What this seems to do is take control away from the user, who could swap SIM cards, and give it to some carrier.
When you say "seems to," do you really mean "could possibly some day"?
This looks like something where you beg and plead with your old carrier to let you switch your device to a new carrier.
That sounds more like something you're inferring than something being implied by the article.
There's nothing in the article to suggest it's going to make it's way into consumer devices just yet. It might one day, but not yet.
The GSMA has published the technical description of a SIM card designed specifically for Machine-to-Machine (M2M) communication
Despite the convenience of over-the-air management, the GSMA says the embedded design is not meant to replace conventional SIM cards
Re: (Score:2)
If it's more profitable for the carriers to sell embedded-sim phones, then that is exactly what they will do, regardless of the intent of the specification or the wishes of it's designers.
Re: (Score:3)
What this seems to do is take control away from the user, who could swap SIM cards, and give it to some carrier.
When you say "seems to," do you really mean "could possibly some day"?
No, I mean that's what the documentation seems to say. The user can't swap SIM cards when there is no removable SIM card. It has to be done remotely. From the documentation, it seems that the carrier has the keys to do that, but the user does not. Some devices start out in "provisioning mode", from which point (I think) the first carrier to talk to the device downloads a profiile and has control of the device until they release it. Or the device might come pre-locked to a carrier. Whether the user can forc
Hardware write locks? (Score:3)
I'd be OK with this, under one condition - a hardware-based write protection lock that is absolutely 100% not able to be bypassed or circumvented in software.
I'll never understand why this incredibly basic feature that is so easy to design, cheap to implement, and valuable to device security went the way of floppy disks. How awesome would a thumb drive with a hardware write lock be?
Re: (Score:2)
How awesome would a thumb drive with a hardware write lock be?
These exist. I use one regularly to load malware-cleaning software onto infected machines, without risking getting the thumb drive itself infected.
Re: (Score:2)
Can you link me to one? I still use an old SD card and reader for exactly this reason.
I think my larger point stands anyway, though. Why aren't write locks absolutely bare bones standard on any writable device?
Re: (Score:2)
They are a bit pricey and hard to find. Here's one I found on Amazon:
http://www.amazon.com/gp/product/B008OGNM8E/ref=as_li_qf_sp_asin_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=B008OGNM8E&linkCode=as2&tag=wbh-20 [amazon.com]
Re: (Score:2)
Your hardware lock would negate the advantage of the embedded SIM design. The reason for embedded SIM is that you can remotely change the carrier, phone#, etc. without having to physically access the device. This is intended for use in devices such as cars, machinery, etc. It is not intended for use in your phone (most people here seem to have missed that little detail). If you have to physically access the device to flip a hardware lock, you might as well just use a regular SIM.
Re: (Score:2)
It is not intended for use in your phone (most people here seem to have missed that little detail)
How can you expect us to fulfil our need to become apoplectic with nerdrage if you want us to notice things like "details"?
Re: (Score:2)
I agree. The discussion would have been much shorter and a lot more intelligent if people hadn't felt the need to rage about "prying my SIM from my cold dead hand".
Re: (Score:2)
The discussion would have been much shorter and a lot more intelligent if people hadn't felt the need to rage
You might as well make that your sig. Well, maybe not you, based on your current one. Someone though.
Re: (Score:2)
Fair point. I can envisage scenarios where modifying the SIM remotely would be helpful. Then again, I can envisage scenarios where it could be a very, very bad thing. My main point was user empowerment - if I can choose between two models of a device, one with a hardware lock, one without... I'll be happy with that.
Not like cellular device security is anything but an oxymoron anyway...
Re: (Score:2)
It's not for your phone. You can keep your SIM.
Re: (Score:2)
How awesome would a thumb drive with a hardware write lock be?
They exist. Check Amazon.
SD cards have the same.
They make great secure boot drives.
Re: (Score:2)
SD cards have the same.
Note: the lock tab on a SD card doesn't actually do anything inside the card, it merely activates a contact on the socket.
Whether that contact is used to implement a hardware write lock, a software write lock or no write lock at all is entirely dependent on the designer of the system you plug the SD card into.
Flimsy cover story (Score:3)
This is a solution to a problem that doesn't exist. The only "problem" this solves is enabling the carriers to revert to the abusive and restrictive CDMA model.
Re: (Score:2)
Preventing the need to open up devices to swap a SIM could be easily resolved by using a simple spring-loaded insert/eject slot for SIM cards
That would still need physical access to the device, which is the problem this proposal is actually trying do away with. It might also (speculation on my part here, but doesn't seem unreasonable) run the risk of causing more problems when users brick their phones or SIMs by popping the SIM without turning off the phone.
This is a solution to a problem that doesn't exist to me.
FTFY. There are plenty of use cases where this would be an incredibly useful facility. Just because none of them personally impact on you doesn't mean this is automatically a nefarious conspi
Re: (Score:2)
I pop out the sim all the time with the phone on. you can not "brick" a phone by doing this.
Something wrong with headline (Score:5, Insightful)
There, that reads better
ESN (Score:2)
So...GSM now has an ESN? All this talk about the "Internet of Things" is really just saying that the devices are getting the equivalent of a MAC Address and can be remotely provisioned. And phones will still have SIM cards.
Guess there's nothing wrong with that, but I thought there was a big reason for GSM's push to have SIM cards in the first place.
The Internet of Things isn't a thing (Score:4, Informative)
It's marketing, like "the cloud". It's such a gross oversimplification that it's meaningless.
No thanks. (Score:2)
Because I have 100% control with a removable SIM. I don't need yet another thing held hostage by the telephone carrier.
But why? (Score:2)
Re: (Score:2)
Yeah, I don't know what all the functions of the SIM is, but I don't understand why it wouldn't need to just be the phone + something:
User inputs their cell number, a passphrase to authenticate with that identity on the network, and selects the network.
Network authorises that instance of the cell number on the network.
Probable downside is the same as a lot of user+pass systems instead of controlled hardware key: multiple logins, probably from attackers.
Re:Would not be a problem at all (Score:5, Interesting)
a SIM contains a cryptographic signature and some other things.
It's basically a watered down TPM that has a unique ID, a few kilobytes of storage, and a cryptographic key set.
A physical device like that makes it difficult to replicate the functionality of the SIM card, making it harder to make one device use the credentials and system identity of another device. (EG, it makes it harder for an attacker to steal your network identity and make lots of 1-900 number calls, which will then show up on YOUR bill, amongst other things-- like framing you in a murder by making all his calls with your number, etc.)
Making this an easily reprogrammed internal chip makes that physical level of security go away.
That's a bad thing.
Sometimes being inconvenienced is really in your best interest.
Re: (Score:2)
... then you need to manage the passphrase. Then all someone needs to do is find your password and they can answer your phone calls, receive your text messages - like two-factor text codes
A sim card is more secure than passphrase, since no one gets told the private key stored inside it and its never transmitted anywhere, except when its initially programmed by the telco.
Re: (Score:2)
I live in the USA and I'm in the UK right now, using a local SIM. If you don't offer than capability, you've shrunk your market to only the people who don't travel (hint:not the ones who tend to buy the fanciest phones).
Re: (Score:2)
Good point. But I take my SIM out and change it quite often. A few times a year when I travel. And every couple of years when I upgrade my phone.
Re: (Score:2)
And international travel.