[nly]

In practice SIM cards don't give you much physical security anyway.

I transferred my mobile phone number etc over to a new SIM card the other week and all I needed was name, address, DOB and proof of ID... of course my network didnt have any of these on file yet, so I had to first tell them these details, and then show ID to verify that I was who I had just told them that I should be. Yeah... this is the state of consumer mobile security.

None of this required physical access to the phone, I just had to login to their website, with a username and password, and change my details.

On most networks you can steal someones mobile number with just a few minutes of physical access and a bit of planning.

[URSpider94]

But that's the choice of the network operator. The SIM itself is still completely unique and identifiable, they just chose to allow customers to re-map SIM's on the fly.

[gcb0]

and this is the norm all over the world. And SIMs cannot exist without the network operator. So in the end, this is the worst vulnerability of SIM cards.

[makomk]

SIM cards come from an era where mobile phone contracts were much less common and more expensive, and therefore cloning phones cost the providers a lot of money. I assume the security requirements for reissuing SIMs were also higher back then.