News & blog
How safe is the eSIM?
Transformation often raises the spectre of the unknown. When that happens, doubt is an understandable - even a healthy - response.
When new ground is broken in any industry, it's inevitable that consumers and insiders alike will raise some concerns. A technological advancement that reshapes the status quo can be perceived as a threat, even if closer inspection proves it to be an opportunity.
The eSIM is one such advancement, and it looks set to revolutionise telecommunications and IoT. The mobile industry will be irreversibly altered by the proliferation of embedded SIM chips, and the momentum of these changes will only continue to build in the coming years.
For those with the foresight to throw their weight behind the eSIM, there are exciting opportunities to be seized. It's nothing but a positive, but one question that persists in relation both to eSIM and the IoT is that of security.
The best thing to do when confronted with these concerns is not to dismiss them out of hand. Security risks are a major issue in the internet age, so furnishing people with more information is the best way to dispel any instinctive objections to an undeniably beneficial technology.
An embedded SIM chip is built directly into a device's motherboard during the manufacturing process. This removes the need for a regular removable SIM card, opening up a range of new possibilities.
This chip is much smaller than its predecessor, so an eSIM-enabled device will have more space for other features. It could also be fully waterproofed, as the technical components of the device will now be self-contained.
With an eSIM, plans and contracts are downloaded directly, so connecting your device and getting online can take literally seconds. Out-of-the-box connectivity empowers consumers and allows for a more streamlined user experience.
Another huge implication of the embedded SIM is its potential to optimise the Internet of Things (IoT). The eSIM could make any piece of hardware a potential "smart" element within an IoT ecosystem, and that's great news for individual consumers and industry giants alike.
Connection and Security
The SIM is the gateway to any connected device, so naturally, the issue of hacking has been raised in relation to eSIM and its profile provisioning options.
A primary concern centred around the secure connection between SIMs and network operators. A device that carries a regular SIM has an encrypted link to the specific MNO. That connection is coded and secured against tampering or hacking.
An eSIM gives users the power to download a profile directly onto their phone. This means, in theory, that hackers might be able to push a new profile onto someone else's device and take control of it. However, GSMA has already responded to this problem.
The organisation has proposed the use of a unique key that will seek verification through a third-party server whenever someone requests a new profile. This is referred to as Subscription Management Data Protection (SM-DP+).
With this in place, a device that attempts to download a new profile will trigger an SM-DP+ request, which will be confirmed by an operator. Then the provisioning process will proceed as normal, as the unique code could only have originated with the device in question.
It's not just a matter of putting people at ease, however. The eSIM will actively improve security.
For one thing, it practically removes all threat of device theft.
In our current connected hardware – a smartphone, for example, or a watch – the removable nature of the SIM card is a risk factor. It makes it incredibly easy for someone to strip the device of its connectivity and its old profile by simply discarding the original owner's SIM.
This just won't be possible with an embedded chip. An eSIM cannot be removed, and unless the person trying to change the profile knows a specific security key, they won't be able to overwrite the current profile.
Not only will this make reselling stolen devices impossible, but it will also ensure that recovering them is easier than ever. The moment an eSIM-enabled smartphone is switched on it will have connectivity and could be instantly traced by the authorities.
This tracking capability would also be extremely useful on a larger, industrial scale. Vehicles, equipment, and any other hardware with eSIM connectivity would be locatable at all times, so accidental loss or deliberate theft could be quickly remedied.
As eSIM becomes more normalised and wide-spread, these benefits will be increasingly evident. Security comes from connection – from being able to keep track, stay in touch, and protect our devices. That's exactly what the embedded SIM chip allows us to do.
Consumers will use a product that makes them and their data safer; with an eSIM in their devices, manufacturers and network operators can make that happen.