Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

It sounds like a regular SIM is more secure than an eSIM. Are there any implications to the user?


There doesn't seem to be that much extra attack surface: https://security.stackexchange.com/a/271953

With an eSIM activation, the only possibility is that someone else e.g. reads the QR code from your screen and activates the eSIM on their device; but you'll notice that since eSIM activation will fail on your end, and will likely request a new one. But that does provide some window for a targeted attack.

With a physical SIM, there's a much easier attack available, in form of extracting the SIM itself from your phone. It isn't a remote attack, but it might even take you longer to notice.

Arguably, an operator's support of remote eSIM activation (whether you use it or not) is the biggest attack vector, since it allows an attacker to impersonate you and request a new eSIM.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: