by gcb0 3521 days ago
/me puts on tinfoil hat

the sim card has one important difference. It lives in a device that provides it with 24/7 battery and radio access.

That is really worrisome when you think about it. A tiny computer running applications you have no idea/access. Powered 24/7. Always with you. With access to battery, network, mic, etc. And the other side of the network that could monitor its traffic for malicious actions is owned by the very people that could abuse it in the first place.

4 comments

It's no different than having no SIM, if your phone wants to spy on you, it doesn't need a SIM card. It's the phone that transceives the signals, and it can do so without a SIM card. SIM card authenticates you to the network, but you control the device and the network around the device, there's no need for a SIM card.
If there was an open standards-compliant protocol it could be implemented open-source and trusted. You could create an entire open operating system and use open hardware to know everything happening on your phone. That is different than having a SIM, which is a piece of mystery hardware the phone company could do anything with.
They already have control of all your traffic so what's the harm? Take the sim out of your phone in case you are really worried, but that would cut you off from the network as well.

I'd be far more concerned with the hundreds of microcontrollers running proprietary code.

The SIM, being a physical piece of hardware plugged into my phone, could easily be used as an attack vector for my phone company to root my phone. Hardware plugged into my phone is a much more vulnerable attack surface than control of network traffic.
The baseband is already at the beck and call of your telco provider and has much better access to the hardware than the SIM card.
The point is your phone (if it were secure enough) could treat your SIM card like any other untrusted device accessory, and only let it do stuff it's allowed to do.

[network] <-> [phone] <-> [SIM card]

In theory. Not sure how well practice matches this though.

the selling point of the sim is that it is "trusted computing". meaning the user is left out by design.
Yes, but now your Telco can also do those things.
so? the point is that the sim IS there already. yeah you can have more vulnerabilities, but that one is a given.
> powered 24/7

Is it? When you turn on "airplane mode" on a phone, is there a reason for the SIM to still be receiving power at that point?

> Is it?

Easy to test: add a SIM pin, turn on airplane mode and reboot your phone.

yes.

the sim has direct access to the radio and other modules, by design. it only needs the actual phone cpu/os for user interface.

if it wants to take the radio out of silent mode it can.

That seems like it wouldn't comply with FAA regulations.

I always presumed "airplane mode" was the specific set of features required by the FAA to enable the phone to do the same thing as a phone that's off, from the perspective of potential interference with a plane's communications.

If the SIM can still enable and use the radio despite "airplane mode" being on, then "airplane mode" is not really "a mode for making your phone safe to stay on while on an airplane."

It's actually an FCC regulation that prevents people using cellular devices on airplanes, and the issue isn't "interference with avionics" but "violating some fundamental assumptions that the existing cellular network is based on" like devices not travelling 600mph or having the ability to transmit signals for dozens of miles.
You can actually enable wifi yourself even while airplane mode is enabled - try it!
yes and that is not new.

try this: enable airplane mode and then open any app that has system permission to change gps or Bluetooth or wifi settings. it will enable those radios and the ui will still show the little airplane there.

For tinfoil wearers, the sim card is not as much of an issue as the baseband modem itself.
Phones can be directly accessed over a network via IMEI