Follow-up (-ish) to #1087756 in the case of eSIMs
Paper from Usenix 34: eSIMplicity or eSIMplification? Privacy and Security Risks in the eSIM Ecosystem
Convenient tech brings big bundle of security and privacy risks.
A security study has unearthed security concerns for travel embedded subscriber identity modules (eSIMs), showing that many providers route user data through foreign telecommunications networks without disclosing to customers that this is happening.
The list:
| Provider | Origin | Public IP | Geoloc | ISP |
|---|---|---|---|---|
| Airalo | US/Singapore | 206.0.71.14 | Texas, US | WEBBING USA, INC. |
| AIRSIMe | Hong Kong | 38.86.196.203 | Texas, US | Telecom North America Inc |
| Alosim | Canada | 147.28.187.8 | Texas, US | Equinix Services, Inc. |
| Better Roaming | UK | 146.88.208.55 | NY, US | Truephone Inc |
| BNESIM | Hong Kong | 38.86.196.254 | Texas, US | Telecom North America Inc |
| BreatheSIM | Isle of Man | 195.10.99.99 | Isle of Man | Manx Telecom |
| CMLink eSIM | China | 223.118.51.111 | China | China Mobile International Limited |
| DENT | British Virgin Islands | 37.248.246.98 | Poland | SPARKS |
| eSIM Access | China | 206.0.69.143 | Texas, US | WEBBING USA, INC. |
| Eskimo | Singapore | 111.65.35.51 | Singapore | SingTel Mobile |
| Flexiroam | Malaysia | 206.0.69.106 | Texas, US | Webbing USA |
| Gigsky | US | 193.88.50.248 | Denmark | TDC NET |
| GoogleFi | US | 172.56.199.56 | User Location | T-Mobile |
| Holafly | Ireland | 223.118.51.96 | China | China Mobile International Limited |
| Maya Mobile | US | 38.86.196.229 | Texas, US | Telecom North America Inc |
| MTX Connect | Luxembourg | 45.153.104.4 | Oslo, Norway | Nexthop AS |
| Nomad | US | 192.178.240.193 | VA, US | Google LLC |
| Numero | Spain | 154.54.12.114 | Germany | Cogent Communications |
| RedTeaGo | China | 91.223.100.68 | England | O2 (UK) |
| Saily | Lithuania | 94.156.229.223 | NY, US | Saily Inc. |
| T-mobile | US | 172.59.9.77 | US | T-Mobile |
| Ubigi | France | 140.174.33.144 | NY, US | Transatel |
| USIMS | Switzerland | 140.174.33.128 | NY, US | Transatel |
| Voye | Israel | 206.0.69.170 | Texas, US | WEBBING USA, INC. |
| Yesim | Switzerland | 37.248.248.86 | Poland | SPARKS |
There are many providers in here that I've been seeing ads for, most notably: Holafly is extensively marketed on European airlines and routes all traffic through China (!!!).
This looks like a surveillance nightmare!
Perhaps stackers can collaborate, as some of us use different providers not in scope of this research (I do so myself too) and we might be able to add valuable information.
PS: Cool eSIM comms capture device from the PDF:
Setup for capturing proactive communication: (a) iPhone 13, (b) sysmoEUICC1 for downloading the eSIM, (c) SIMtrace2 for capturing communication between the phone and the eSIM profile.
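An added example (not from the paper or the original post) that reads the table above and shows which brands leave through the same address block and which exit outside their country of origin. Treating a shared /24 as "same egress" and comparing the last part of Geoloc with Origin are simplifying assumptions; a shared prefix suggests a common upstream, it does not prove one.

```python
import ipaddress
from collections import defaultdict
# Provider|Origin|Public IP|Geoloc, copied from the table in the post.
ROWS = """
Airalo|US/Singapore|206.0.71.14|Texas, US
AIRSIMe|Hong Kong|38.86.196.203|Texas, US
Alosim|Canada|147.28.187.8|Texas, US
Better Roaming|UK|146.88.208.55|NY, US
BNESIM|Hong Kong|38.86.196.254|Texas, US
BreatheSIM|Isle of Man|195.10.99.99|Isle of Man
CMLink eSIM|China|223.118.51.111|China
DENT|British Virgin Islands|37.248.246.98|Poland
eSIM Access|China|206.0.69.143|Texas, US
Eskimo|Singapore|111.65.35.51|Singapore
Flexiroam|Malaysia|206.0.69.106|Texas, US
Gigsky|US|193.88.50.248|Denmark
GoogleFi|US|172.56.199.56|User Location
Holafly|Ireland|223.118.51.96|China
Maya Mobile|US|38.86.196.229|Texas, US
MTX Connect|Luxembourg|45.153.104.4|Oslo, Norway
Nomad|US|192.178.240.193|VA, US
Numero|Spain|154.54.12.114|Germany
RedTeaGo|China|91.223.100.68|England
Saily|Lithuania|94.156.229.223|NY, US
T-mobile|US|172.59.9.77|US
Ubigi|France|140.174.33.144|NY, US
USIMS|Switzerland|140.174.33.128|NY, US
Voye|Israel|206.0.69.170|Texas, US
Yesim|Switzerland|37.248.248.86|Poland
""".strip().splitlines()

def parse(rows=ROWS):
    """Turn each 'a|b|c|d' row into a dict."""
    keys = ("provider", "origin", "ip", "geoloc")
    return [dict(zip(keys, r.split("|"))) for r in rows]

def shared_egress(records, prefix_len=24):
    """Map each prefix to the providers exiting from it, if more than one."""
    groups = defaultdict(list)
    for rec in records:
        net = ipaddress.ip_network(f"{rec['ip']}/{prefix_len}", strict=False)
        groups[str(net)].append(rec["provider"])
    return {net: names for net, names in groups.items() if len(names) > 1}

def exits_abroad(records):
    """Providers whose exit country (last Geoloc part) is not an origin country."""
    return [r["provider"] for r in records if r["geoloc"] != "User Location"
            and r["geoloc"].split(", ")[-1] not in r["origin"].split("/")]
```

Calling `shared_egress(parse())` groups, for example, CMLink eSIM and Holafly under one /24; pass `prefix_len=16` for a coarser view.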
I don’t understand the threat here? Especially if I am an American.
See the discussion I had with @Scoresby on his "trust ISP" post.
Without too much LARPing:
Imagine that you're a US normie and you use Gigsky, a US company, for your vacay to Mexico, because prepaid T-Mobile US is super-expensive outside of the US. Gigsky routes all traffic through Denmark. Now the EU logs all your metadata because that's an EU directive. Do you use encrypted DNS? Does every app you have on your phone actually use proper encryption and not leak cleartext data? You're literally now being surveilled in Europe.
LARP time: Remember which EU country the US has threatened war against? Denmark, over Greenland. Unless you have such disdain for European people that you agree with Mr. Vance that they are all completely retarded, maybe they will pay extra attention to anyone from a country that has actively threatened their sovereignty with invasion?
Ahh okay very interesting. Every time I travel internationally I would get a local physical SIM. I never used an eSIM in my life. What captured my attention about this post is how much exposure does silent.link have to this type of surveillance. The privacy bros love silent.link and I was thinking of using it next time I’m out of the USA
Tested a silent.link eSIM:
Provider: plus (Poland)
Reverse ip: apn-xxx-xxx-xxx-xxx.sparks (doesn't resolve)
AS: 8374
Poland is in the EU correct?
Correct!
Thus comms eavesdropped?
Likely. Working my way through this pdf: https://www.uke.gov.pl/gfx/uke/userfiles/m-pietrzykowski/telecommunications_act_en.pdf
I'll test that tomorrow or tuesday.
Thanks!!
Have to weaken this to "maybe Tuesday" because a throwaway pixel 7 that was on its way to me and originally set to arrive today is apparently stuck in customs. Borders are the sux.
No worries! Take ya time
silent.link is missing - this is an Israeli spysim
That's why I put the little CTA... It shouldn't be too hard to get intel. I just want to know "how far" we can measure before I hack together an APK and public crowd sourced dataset
Can you provide evidence of this claim?
Thanks for this! I've mostly used HolaFly in the past but I think I'm gonna switch to Saily from nordvpn
Of course! Would still recommend using a VPN other than NordVPN on top (mullvad, proton)
Yup I run mullvad anyway 👍
I was wondering about something like this when you mentioned travel esims the other day.
I've used esims from some of the providers who accept bitcoin. What sort of information would be helpful and how might I get started collecting it?
(Also, thanks for posting this article)
Since I've posted this, I've been looking for Android traceroute APKs but it looks like this has been blocked since Android 10. I'm thinking of developing an APK for this myself if I can get ICMP packets without needing root.
Looks maintained: https://github.com/compscidr/icmp
I think we can do this (for android)
I am sure this is a result of more competitive pricing. Just use a VPN you trust and only visit https sites, the networks won't see what you are doing.
And don't install apks that you haven't reviewed the source for or at least run through pcap for a while
Why is this relevant for eSIMs? This is a generally sound advice. But even in Play Store there can be fraudulent apps, so better keep installs to a bare minimum and use web apps instead....
It's relevant because you don't know what it's sending in cleartext.
Fuck...
What does LNVPN use in the back?
Will test soon.
APN is sky.com
Reverse IP for me goes to skybroadband.com (UK)
That’s really concerning, convenience shouldn’t come at the cost of secretly exposing user data.