https://www.euronews.com/next/2024/03/25/ukraines-telecom-en...
I think these networks can be a lot more resilient than we think and they can be maintained even during a war.
And probably how Elon is feeling that day about the participants
A technically capable terrorist could wreak havoc if they could get access to the control center of a telecoms network, but I don't think service will be down for extended periods of times unless it's part of a scorched earth strategy of some kind. Any military operation can be disrupted easily with cheap and widely available jammers anyway, attacking cellular infrastructure is mostly useful for attacking civilian targets and spreading panic.
Java Card supports, broadly speaking, two types of bytecode verification: "On-card" and "off-card". On-card is secure against even malicious applets; off-card assumes that a trustworthy entity vets all applets before they are installed, and only signs them if they are deemed well-formed.
The off-card model just seems like a complete architectural mismatch for the eSIM use case, since there is no single trustworthy entity. SAT applets are not presented to the eUICC vendor for bytecode verification, so the entire security model breaks down if verification doesn't happen on-card.
Unfortunately, the GSMA eSIM specifications seem to be so generic that they don't even mandate Java as a bytecode technology, and accordingly don't impose any specific Java requirements, such as "all eUICC implementations supporting SAT via Java Card must not rely on off-card bytecode verification".
Also see their previous reply[1] to the findings this company had from 2019 and I can’t help but agree with the article that if those issues were fixed back then, there is a chance that this wouldn’t have happened today.
[1]: https://www.securityweek.com/oracle-gemalto-downplay-java-ca...
But do you know if Oracle's reference implementation for Java Card is one using on-card or off-card verification, or more generally is assuming installs from only trusted sources?
There are many Java Card applications where the assumption of all bytecode being trusted is reasonable, especially if all bytecode comes from the issuer and post-issuance application loading isn't possible. Of course, that would be a complete mismatch for an eUICC.
Not claiming to be an expert, but this seems like a very big qualification. Can someone put this into context for me?
If you stole my private key for my PGP key, you would absolutely be able to sign messages as me.
> As a result of eUICC compromise, we were able to extract private ECC key for the certificate identifying target GSMA card.
This is supposed to be impossible, even with knowledge of SAT applet management keys. (In other words, individual eSIM profiles are still not supposed to be able to extract private eSIM provisioning keys from any eUICC.)
In the security architecture of eSIMs, compromising any eUICC's key means that an attacker can obtain the raw eSIM profile data from any SM-DP trusting it (which would be any, if it chains up to a CA part of the GSMA PKI) and do things that are supposed to be impossible, such as simultaneously installing one profile on multiple devices, or extract secret keys from a profile and then "put it back" to the SM-DP, let the legitimate user download it, and intercept their communications.
My phone, my sim or esim, and anything else which I have purchased and is in my possession, belongs to me. Being able to retrieve keys to things I own, and do whatever I want with them, seems fine. If the key to my car says "do not duplicate", I should be nonetheless able to duplicate it, because I own the car and the key. If I want to run my same profile or eSIM on multiple devices, I get that the cell company doesn't like that, but I do, so I wouldn't consider that a harm to me.
Given that assumption, this vulnerability/jailbreak/rooting of something I own seems less significant to me. I think, however, that I may be misunderstanding the attack. Is this possible to perform against somebody else for whom I will never have physical possession of the phone? Or for someone else to perform it against me, without ever having physical possession of my phone? It sounded like maybe a test profile was left enabled, which allows anyone to send an SMS-PP message to any phone, telling it to install an applet which compromises the phone/eUICC/eSIM's keys. Did I follow that right?
Then you can't use eSIMs as specified. eUICCs are an implementation of trusted computing.
> I think I may be misunderstanding the attack, though. Is this possible to perform against somebody else for whom I will never have physical possession of the phone? Or for someone else to perform it against me, without ever having physical possession of my phone?
In a non-broken eSIM security architecture, eSIM profiles are singletons, i.e. they can only be installed on any given eUICC at one time. At install time, the SM-DP decrements the logical "remaining installs" counter from 1 to 0; at uninstall time, it goes back up to 1. This of course only works if the eUICC's assertion of "I deleted eSIM profile x" is trustworthy, hence it requires trusted computing.
A different security architecture not relying on trusted computing is of course possible to imagine, but that's not what current networks assume.
Could you elaborate here, please? I am kind of ignorant on this topic. Using an exploit to root my phone results in not using the phone "as specified", but it still works, and it's okay with me, because I own it.
It sounded like the concerns you had were ones the network operator should be concerned with. Suppose I don't care about their concerns unless they result in my stuff being compromised*.
Are you saying that it breaks the security in a way that someone who doesn't own my phone and doesn't have physical access to my phone can compromise my phone and/or my eSIM?
* - for the purposes of simplifying discussion, I'm dismissing the possibility that the network operator throws up their hands and entirely stops using/allowing eSIMs because they can't control everything
> Are you saying that it breaks the security in a way that someone who doesn't own my phone and doesn't have physical access to my phone can compromise my phone and/or my eSIM?
Yes, it does: Currently, providers assume that any eSIM honors the "singleton contract" described above. One that does not, e.g. one simulated in software using keys extracted from a physical trusted eUICC, could be used to mount the following attack:
1. Intercept the eSIM setup QR code (which contains two things: the URL of the SM-DP and a secret profile identifier)
2. Install the eSIM profile on their "software eSIM".
3. Report the eSIM as successfully deleted to the SM-DP, which now considers it available for installs again.
4. You, the legitimate owner of the eSIM, now install it on your unmodified eUICC in your phone and go about your day.
5. One day, ideally when your legitimate SIM is offline, the attacker inserts their eSIM into a phone and intercepts phone calls and SMS to your number, initiates expensive toll calls etc.
One solution here would be to never allow re-installs of the same eSIM profile, which some providers already do, but I personally don't like eSIM profiles managed that way, as it requires me to interact with carrier support and often even pay money just to transfer an eSIM to a new device.
> 1. Intercept the eSIM setup QR code (which contains two things: the URL of the SM-DP and a secret profile identifier)
1. How might this be done? Would this require a separate attack, or are the mechanics a part of the attack described in the article?
2. Is this possible with the eSIM already set up on my phone?
Currently, an attacker installing the eSIM profile themselves is very visible, as it breaks the QR code for the legitimate user due to the singleton property (or, if the user installs it first, locks the attacker out anyway). If it happens, the legitimate user will call in and complain, and the carrier will at least revoke the current profile, and possibly even realize that something's afoot.
That property going away probably changes the threat model of most carriers in a way not initially anticipated.
It's an interesting attack vector for intelligence agencies. Imagine you're going to China and install a Chinese eSim profile as secondary to get cheaper data. The Chinese govt, in collaboration with the carrier, could then use that profile to dump your American AT&T keys.
In the telecom world, there's no forward secrecy (there can't be with symmetric crypto, which is what it's all based on), so such an attack would let the Chinese intercept all your communications.
Is there a remote attack vector against my phone/eSIM which doesn't require first compromising the network service provider? Not that I'm dismissing other vectors as unimportant, just trying to learn more.
* - I do realize that a network operator viewed as "trusted" may be untrusted under the right circumstances, like sufficient pressure from sufficiently official or powerful actors.
As I understand it, the attack as demonstrated is extracting the eUICC provisioning private key from the context of a SAT applet, but what you're describing would be extracting the keys of eSIM profile A from the context of eSIM profile B of an unrelated carrier.
It would be great to know whether the researchers have looked into that, as it sounds like a much bigger problem if possible.
hhh•5h ago
yapyap•3h ago
It’s like the companies “forgot” [1] what happens when you don’t have a bug bounty program or what happens when people step to others with their bugs.
1. of course companies didnt forget, this is the benefit of the doubt I like to give but big companies like this aren’t stupid. Big companies are ruled by the business savvy but less technical and those see things like the bug bounty program as not important, until they get shook awake by a huge breach or anything of the sort that impacts the stock price ( their salary ) I doubt they will care much.
jeroenhd•3h ago
$30k is a pittance for the work put in if you were to negotiate with them as contractors, but it's still a good chunk of change for essentially unprompted, free work. They didn't need to pay them a dime, after all.