That would indeed be catastrophic, but from the attack as demonstrated, I don't think we can conclude that that's possible.

As I understand it, the attack as demonstrated is extracting the eUICC provisioning private key from the context of a SAT applet, but what you're describing would be extracting the keys of eSIM profile A from the context of eSIM profile B of an unrelated carrier.

It would be great to know whether the researchers have looked into that, as it sounds like a much bigger problem if possible.


There are three things in the report that make me believe that it would be possible to get the secrets from eSIM profile B from a compromised eSIM profile A if they are both installed.

Under "Notes" it says... The hack proves no security / isolation for the eSIM profile and Java apps (no security for eUICC memory content).

- app isolation is broken

Under "The warning call for mobile phone vendors"... Target eUICC chips may run some sensitive applications (digital wallets / payment, digital car keys, transportation cards, access / identification cards, etc.). In case of a successful eSIM compromise, the security / credibility of such apps may be affected.

- perhaps code for "we already know this is possible, not talking about it yet"...

And towards the end, under "Some recommendations"... always assume your apps, their logic, associated secrets and/or some eSIM content could be revealed (one compromised eUICC identity can be used to download and peek into eSIM of any MNO)

- directly talks about other secret extraction
