From the PDF:

With Remote SIM Provisioning, there are no traditional SIM cards. Instead there is an embedded SIM (called an eUICC), which may be soldered inside the mobile device, that can accommodate multiple SIM Profiles – each Profile comprising the operator and subscriber data that would otherwise have been stored on a traditional SIM card (the red and blue dots in the previous section). In (1), the end user sets up a contract with their chosen mobile network operator, and in the case of a Consumer solution, instead of receiving a SIM card they will receive instructions on how to connect their device to the operator’s Remote SIM Provisioning system. In this example a QR (Quick Response) code is used. The QR code contains the address of the Remote SIM Provisioning system (SM-DP+ server within the GSMA specifications), which allows the device to connect to that system (2) and securely download a SIM Profile. Once the Profile is installed and activated, the device is able to connect to that operator’s network (3).

TL;DR: Remote SIM provisioning means you get connected to a remote server that serves your device with the profile required to connect. The profile is then stored on the embedded SIM. Multiple profiles can be stored on the embedded SIM.
Which still leaves me with the same question: how is that protected from malicious software trying to provision the embedded SIM when it shouldn’t be allowed to do so?
 
1) You initiate provisioning
2) Your carrier supplies you a link (via QR code) to start the provisioning, or your carrier app initiates the provisioning.
3) The provisioning is done securely

And therefore software can't start provisioning your eSIM unless someone was able to load a hacked OS onto the phone and then initiate the provisioning process. You have bigger problems if that's the case, i.e. all your data would be compromised.

I'm not really sure what you mean by "malicious software", software on the phone? Normal phone security applies (i.e. app segmentation, the inability for apps to change system settings without your permission, etc.).

Edit: And thanks to TLS security, the connection between phone and provisioning server is secure, it only connects to the site on the QR code or supplied through the app, it requires a valid server certificate, and it requires encryption, like normal TLS does. If this process was broken by an attacker the phone would know and stop the provisioning attempt immediately.
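To make the two technical points above concrete (the PDF's description of the QR code as carrying only the SM-DP+ address, and the claim in this reply that the phone "only connects to the site on the QR code"), here is an added example of what the phone-side LPA can enforce on the activation code before it opens any connection. This is not code from the thread, from Apple or from the GSMA. The field layout is the one GSMA SGP.22 (Consumer RSP) specifies for activation codes, and the `/gsma/rsp2/es9plus/` endpoint prefix is also SGP.22's; neither appears on this page. The character-set and length limits on the token, and the sample hostnames and token values, are this example's own assumptions.

```python
"""Parse and check an eSIM activation code (the text behind the QR code).

Added example for this thread; not code from the posts, from Apple, or from
the GSMA. Field layout per GSMA SGP.22 (Consumer RSP):

    LPA:1$<SM-DP+ address>$<AC token>[$<SM-DP+ OID>[$<confirmation flag>]]

The SM-DP+ address is a bare FQDN. A code therefore cannot carry a scheme,
port, path or user-info to steer the phone to some other origin; the parser
refuses anything that is not a plain hostname. The token character set and
length cap below are assumptions made for this example.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Bare hostname only: dotted labels of letters/digits/hyphens. No scheme,
# port, path or '@' can pass this, so they are rejected before any socket.
_FQDN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+"
    r"[A-Za-z]{2,63}$"
)
# Assumption for this example: printable ASCII, no '$', at most 64 chars.
_TOKEN_RE = re.compile(r"^[A-Za-z0-9-]{1,64}$")
_OID_RE = re.compile(r"^\d+(?:\.\d+)+$")

ES9PLUS_PATH = "/gsma/rsp2/es9plus/"  # ES9+ HTTPS endpoint prefix (SGP.22)


class ActivationCodeError(ValueError):
    """Raised for any activation code the LPA must refuse."""


@dataclass(frozen=True)
class ActivationCode:
    smdp_address: str
    token: str
    smdp_oid: Optional[str]
    confirmation_code_required: bool

    def es9plus_url(self, function: str) -> str:
        """The only origin the LPA talks to: https:// plus the FQDN from the code."""
        return f"https://{self.smdp_address}{ES9PLUS_PATH}{function}"


def parse_activation_code(raw: str) -> ActivationCode:
    fields = raw.strip().split("$")
    if fields[0] != "LPA:1":
        raise ActivationCodeError("not a format-1 LPA activation code")
    if not 3 <= len(fields) <= 5:
        raise ActivationCodeError(f"expected 3 to 5 '$'-separated fields, got {len(fields)}")
    address, token = fields[1], fields[2]
    if not _FQDN_RE.match(address):
        raise ActivationCodeError(f"SM-DP+ address is not a bare FQDN: {address!r}")
    if not _TOKEN_RE.match(token):
        raise ActivationCodeError("activation code token is missing or malformed")
    # The OID field may be present but empty when only the flag is given.
    oid = fields[3] if len(fields) > 3 and fields[3] else None
    if oid is not None and not _OID_RE.match(oid):
        raise ActivationCodeError(f"SM-DP+ OID is malformed: {oid!r}")
    flag = fields[4] if len(fields) > 4 else ""
    if flag not in ("", "1"):
        raise ActivationCodeError(f"confirmation-code flag must be '1' or absent: {flag!r}")
    return ActivationCode(address.lower(), token, oid, flag == "1")


def accepts(raw: str) -> bool:
    """True if the code would proceed to the download step, False if refused."""
    try:
        parse_activation_code(raw)
        return True
    except ActivationCodeError:
        return False


# Constructed sample codes for the demo; hostnames and token are made up.
SAMPLE_CODES = {
    "plain": "LPA:1$SMDP.EXAMPLE.COM$04386-AGYFT-A74Y8-3F815",
    "with_oid_and_cc": "LPA:1$smdp.example.com$04386-AGYFT-A74Y8-3F815$1.3.6.1.4.1.31746$1",
    "path_smuggled": "LPA:1$smdp.example.com/../evil$04386-AGYFT-A74Y8-3F815",
    "userinfo_smuggled": "LPA:1$smdp.example.com@evil.example$04386-AGYFT-A74Y8-3F815",
    "scheme_smuggled": "LPA:1$https://smdp.example.com$04386-AGYFT-A74Y8-3F815",
    "wrong_format": "LPA:2$smdp.example.com$04386-AGYFT-A74Y8-3F815",
}


if __name__ == "__main__":
    for name, code in SAMPLE_CODES.items():
        try:
            ac = parse_activation_code(code)
            print(f"{name:18} -> {ac.es9plus_url('initiateAuthentication')}")
        except ActivationCodeError as e:
            print(f"{name:18} -> REFUSED: {e}")
```

What this covers is the "only connects to the site on the QR code" half of the argument: the URL the phone will use is built from nothing but the validated FQDN, so a crafted code cannot smuggle in a path or a different host. The certificate half is not in this snippet; under SGP.22 a real LPA does not accept just any publicly trusted certificate for the SM-DP+ but requires the server's certificate to chain to a GSMA CI root, which is a stricter check than ordinary browser TLS.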
 
Not dumb when you consider they likely only have one or two different baseboards that are populated with different components depending on the market they are for. Coming up with a special base board for a 'US version' wouldn't likely be worth it. It is only one country after all, and only one component left off. Steve not running Apple any longer, the chunk of plastic probably costs Apple a scant fraction of a US penny.
Dumb that they didn’t just keep the SIM card in the US model.
 
Yeah but there was never any need to design two different models except for this power play with eSIM. They apparently didn’t have the leverage overseas, or it was the US communications cartel’s idea, or something fishy. They absolutely did not do this for any user benefit.
Oh yes, I do agree.
 
Malicious software, as in a case like this:


Where the vulnerability has the impact: “An app may be able to execute arbitrary code with kernel privileges”

… is there not a risk of malicious software initiating a bogus eSIM provisioning process?
 
There is very little to no risk of loading a bogus eSIM. The high-value target of those exploits is the information on the phone itself: call logs, messages, other app data, etc. And those exploits are getting patched all the time. And you need to be able to load software onto the phone to take advantage of such exploits; it's difficult, and the main vector has been the Pegasus stuff that sends an iMessage attachment and uses built-in OS bugs to load remote code into the system. AFAIK they didn't do anything with eSIM with Pegasus, which kind of shows it's not a valued target in the least; they just want the data that's on the phone, and they aren't trying to make fake carriers and such. And chances are you would notice if the carrier name changed on its own, and it would blow the whole thing if it showed a carrier you've never heard of and didn't sign up for service with.

I've never heard of any exploit on the eSIM system and it's been 4 years, I think I would have heard something about it by now if it was at all a real valuable target for an attack.
 
The Apple Watch has those fancy sensors for ECG and it's still not enabled in many countries (due to health regulations). For example, it was enabled in Mexico in watchOS 8.6(!), on previous versions "the feature would remain not functional" and that sensor would be useless.

The iPhone has had Apple Pay since iPhone 6 but it was enabled in Argentina, Peru, Moldova and Malaysia this year. It's still not available in many countries.

Having hardware present on your device that you can't use due to region availability is not a new thing at all :p
That's even worse! Because these are the features Apple boasts about to get you to upgrade.
 
Wasted opportunity to stick more battery into this device or more RAM, etc. A plastic spacer?! 🤦🏼
 
Ok. Thank you for your responses to my questions.
 