Travel eSIMs secretly route traffic over Chinese and undisclosed networks \ stacker news ~privacy

pull down to refresh

Travel eSIMs secretly route traffic over Chinese and undisclosed networks www.itnews.com.au/news/travel-esims-secretly-route-traffic-over-chinese-and-undisclosed-networks-study-619659

2648 sats \ 17 comments \ @optimism 6h privacy

Follow-up (-ish) to #1087756 in the case of eSIMs

Paper from Usenix 34: eSIMplicity or eSIMplification? Privacy and Security Risks in the eSIM Ecosystem

Convenient tech brings big bundle of security and privacy risks.

A security study has unearthed security concerns for travel embedded subscriber identity modules (eSIMs), showing that many providers route user data through foreign telecommunications networks without disclosing to customers that this is happening.

The list:

Provider Origin Public IP Geoloc ISP
Airalo US/Singapore 206.0.71.14 Texas, US WEBBING USA, INC.
AIRSIMe Hong Kong 38.86.196.203 Texas, US Telecom North America Inc
Alosim Canada 147.28.187.8 Texas, US Equinix Services, Inc.
Better Roaming UK 146.88.208.55 NY, US Truephone Inc
BNESIM Hong Kong 38.86.196.254 Texas, US Telecom North America Inc
BreatheSIM Isle of Man 195.10.99.99 Isle of Man Manx Telecom
CMLink eSIM China 223.118.51.111 China China Mobile International Limited
DENT British Virgin Islands 37.248.246.98 Poland SPARKS
eSIM Access China 206.0.69.143 Texas, US WEBBING USA, INC.
Eskimo Singapore 111.65.35.51 Singapore SingTel Mobile
Flexiroam Malaysia 206.0.69.106 Texas, US Webbing USA
Gigsky US 193.88.50.248 Denmark TDC NET
GoogleFi US 172.56.199.56 User Location T-Mobile
Holafly Ireland 223.118.51.96 China China Mobile International Limited
Maya Mobile US 38.86.196.229 Texas, US Telecom North America Inc
MTX Connect Luxembourg 45.153.104.4 Oslo, Norway Nexthop AS
Nomad US 192.178.240.193 VA, US Google LLC
Numero Spain 154.54.12.114 Germany Cogent Communications
RedTeaGo China 91.223.100.68 England O2 (UK)
Saily Lithuania 94.156.229.223 NY, US Saily Inc.
T-mobile US 172.59.9.77 US T-Mobile
Ubigi France 140.174.33.144 NY, US Transatel
USIMS Switzerland 140.174.33.128 NY, US Transatel
Voye Israel 206.0.69.170 Texas, US WEBBING USA, INC.
Yesim Switzerland 37.248.248.86 Poland SPARKS

Provider	Origin	Public IP	Geoloc	ISP
Airalo	US/Singapore	206.0.71.14	Texas, US	WEBBING USA, INC.
AIRSIMe	Hong Kong	38.86.196.203	Texas, US	Telecom North America Inc
Alosim	Canada	147.28.187.8	Texas, US	Equinix Services, Inc.
Better Roaming	UK	146.88.208.55	NY, US	Truephone Inc
BNESIM	Hong Kong	38.86.196.254	Texas, US	Telecom North America Inc
BreatheSIM	Isle of Man	195.10.99.99	Isle of Man	Manx Telecom
CMLink eSIM	China	223.118.51.111	China	China Mobile International Limited
DENT	British Virgin Islands	37.248.246.98	Poland	SPARKS
eSIM Access	China	206.0.69.143	Texas, US	WEBBING USA, INC.
Eskimo	Singapore	111.65.35.51	Singapore	SingTel Mobile
Flexiroam	Malaysia	206.0.69.106	Texas, US	Webbing USA
Gigsky	US	193.88.50.248	Denmark	TDC NET
GoogleFi	US	172.56.199.56	User Location	T-Mobile
Holafly	Ireland	223.118.51.96	China	China Mobile International Limited
Maya Mobile	US	38.86.196.229	Texas, US	Telecom North America Inc
MTX Connect	Luxembourg	45.153.104.4	Oslo, Norway	Nexthop AS
Nomad	US	192.178.240.193	VA, US	Google LLC
Numero	Spain	154.54.12.114	Germany	Cogent Communications
RedTeaGo	China	91.223.100.68	England	O2 (UK)
Saily	Lithuania	94.156.229.223	NY, US	Saily Inc.
T-mobile	US	172.59.9.77	US	T-Mobile
Ubigi	France	140.174.33.144	NY, US	Transatel
USIMS	Switzerland	140.174.33.128	NY, US	Transatel
Voye	Israel	206.0.69.170	Texas, US	WEBBING USA, INC.
Yesim	Switzerland	37.248.248.86	Poland	SPARKS

There are many providers in here that I've been seeing ads for, most notably: Holafly is extensively marketed on European airlines and routes all traffic through China (!!!).

This looks like a surveillance nightmare!

Perhaps stackers can collaborate, as some of us use different providers not in scope of this research (I do so myself too) and we might be able to add valuable information.

PS: Cool eSIM comms capture device from the PDF:

Setup for capturing proactive communication: (a) iPhone 13, (b) sysmoEUICC1 for downloading the eSIM, (c) SIMtrace2 for capturing communication between the phone and the eSIM profile.

view all related items

100 sats \ 2 replies \ @Scoresby 4h

I was wondering about something like this when you mentioned travel esims the other day.

might be able to add valuable information.

I've used esims from some of the providers who accept bitcoin. What sort of information would be helpful and how might I get started collecting it?

(Also, thanks for posting this article)

102 sats \ 1 reply \ @optimism OP 3h

Since I've posted this, I've been looking for android traceroute apks but it looks like this has been blocked since android 10. I'm thinking of developing an APK for this myself if I can without needing root get ICMP packets.

0 sats \ 0 replies \ @optimism OP 2h

Looks maintained: https://github.com/compscidr/icmp

I think we can do this (for android)

100 sats \ 1 reply \ @BlokchainB 4h

I don’t understand the threat here? Especially if I am an American.

252 sats \ 0 replies \ @optimism OP 4h

See the discussion I had with @Scoresby on his "trust ISP" post.

Without too much LARPing:

Imagine that you're a US normie and you use Gigsky, a US company, for your vacay to Mexico, because prepaid T-Mobile US is super-expensive outside of the US. Gigsky routes all traffic through Denmark. Now the EU logs all your metadata because that's an EU directive.

Do you use encrypted DNS? Does every app you have on your phone actually use proper encryption and not leak cleartext data? You're literally now being surveilled in Europe.

LARP time: Remember which EU country the US has threatened war against? Denmark, over Greenland. Unless you have such disdain for European people that you agree with Mr. Vance that they are all completely retarded, maybe they will pay extra attention to anyone from a country that has actively threatened their sovereignty with invasion?

234 sats \ 1 reply \ @anon 3h

silent.link is missing - this is an israeli spysim

0 sats \ 0 replies \ @optimism OP 3h

That's why I put the little CTA... It shouldn't be too hard to get intel. I just want to know "how far" we can measure before I hack together an APK and public crowd sourced dataset

100 sats \ 1 reply \ @m0wer 1h

Fuck...

What does LNVPN use in the back?

29 sats \ 0 replies \ @optimism OP 1h

Will test soon.

APN is sky.com Reverse IP for me goes to skybroadband.com (UK)

100 sats \ 2 replies \ @Artilektt 1h

Thanks for this! I've mostly used HolaFly in the past but I think I'm gonna switch to Saily from nordvpn

75 sats \ 1 reply \ @optimism OP 1h

Of course! Would still recommend using a VPN other than NordVPN on top (mullvad, proton)

100 sats \ 0 replies \ @Artilektt 1h

Yup I run mullvad anyway 👍

100 sats \ 3 replies \ @SwapMarket 3h

I am sure this is a result of more completive pricing. Just use a VPN you trust and only visit https sites, the networks won't see what you are doing.

0 sats \ 2 replies \ @optimism OP 3h

And don't install apks that you haven't reviewed the source for or at least ran through pcap for a while

100 sats \ 1 reply \ @SwapMarket 3h

Why is this relevant for eSIMs? This is a generally sound advice. But even in Play Store there can be fraudulent apps, so better keep installs to a bare minimum and use web apps instead....

0 sats \ 0 replies \ @optimism OP 3h

It's relevant because you don't know what it's sending in cleartext.

100 sats \ 0 replies \ @Kayzone 3h

That’s really concerning, convenience shouldn’t come at the cost of secretly exposing user data.