Security Issues Regarding GSMA ESIMs / EUICCs and Javacard
10 months ago
- #eSIM
- #Security
- #Javacard
- Security researcher Adam Gowdiak identified flaws in eUICCs (eSIM chips) within the GSMA architecture, particularly in Javacard implementations.
- The issue stems from the reliance on off-card bytecode verification, which is impractical for resource-constrained microcontrollers used in eUICCs.
- Javacard was initially designed for banking, where a single entity (the bank) controls applet loading, ensuring security via off-card verification.
- The eSIM architecture introduces multiple stakeholders (MNOs/MVNOs), making off-card verification unsafe as not all can be trusted to perform it correctly.
- Oracle and Gemalto downplayed similar findings in 2019, leading to insufficient industry awareness of the risks.
- The GSMA eSIM standard allows multiple operators to load applets, increasing the risk of adversarial actions without on-card verification.
- Mitigations like TS.48 key diversification address specific attack vectors but don't solve the broader architectural issue.
- Oracle should improve its reference implementation to include robust on-card verification for resource-constrained environments.
- GSMA should enforce security requirements, mandate on-card verification, and refuse accreditation for eUICCs relying on off-card verification.
- The industry should move beyond Javacard or any technology requiring complex on-card verification that exceeds microcontroller capabilities.