
Finally all the carriers in the world will be forced to introduce eSIM. Thanks Apple.


Finally OTA. What can go wrong when everybody can program your SIM remotely?


> What can go wrong when everybody can program your SIM remotely?

That's bollocks. An eSIM module is exactly the same chip as in a normal SIM card - right down to the electrical specifications and communication protocols, so you can hook up a provisioned eSIM module to a phone or a SIM card to a device using an eSIM chip and it will Just Work (tm).

The only difference is that the eSIM module allows the baseband chip to flash a new set of cryptographic keys, a process that will (usually) require the cooperation of the main SoC to get and transmit said keys.

The only scenarios where an attacker could reprogram your SIM remotely are either a malicious actor in the provider network (at which point there is the question of why an attacker would want to reprogram your SIM at that point, given all they can do is give your SIM card access keys to another network) or a malicious actor with an IMSI catcher.

In both scenarios the attacker would require an exploit in your specific baseband and the correct cryptographic keys (or yet another exploit) for the eSIM to accept the new profile... and at the degree of knowledge, hardware and actual exploits required to get to the point a successful attack requires, your attacker will be a government or an NSO-scale enterprise. And seriously, at that point you have already lost anyway because they have exploits for the OS you're running on whatever device you use; they don't need to deal with taking over your SIM card.


Yes exactly, thank you.

A lot of phones already support eSIM. Apple will claim they invented it and some will copy the no-SIM-slot design, but there are still carriers that don't support eSIM, so I don't see this taking off like removing the headphone jack.


Carriers without eSIM support will be dragged into the future whether they want it or not.


I think that the risk is more about stealing the number than reprogramming it. If I can move my eSIM to a new phone, so can an attacker.


> If I can move my eSIM to a new phone, so can an attacker.

No, they can't - there is (at least for modern SIM cards and eSIM modules, see [1]) no way short of decapping the chip to extract the secret keys once they are on the chip, and even decapping is something that the chip industry has gotten pretty good at defending against.

An attacker would have to request a new eSIM profile (aka, new keys) from your provider to hijack your number, which is an entirely different threat model.

[1]: https://www.kaspersky.com/blog/sim-card-history-clone-wars/1...
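The distinction this comment draws (the key stays on the chip, so the real risk is the provider issuing a new profile) can be shown with a small model of the SIM challenge-response exchange. This is an added illustration, not code from the thread or from any carrier; HMAC-SHA256 stands in for the SIM's actual authentication algorithm, and every IMSI, number and key in it is constructed.

```python
"""Toy model of SIM challenge-response authentication and profile re-issue.

Added illustration, not code from the thread. HMAC-SHA256 stands in for the
SIM's real authentication algorithm, and every IMSI, number and key below is
constructed.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Callable


@dataclass
class Sim:
    """A SIM or eSIM profile: an IMSI plus the secret key Ki.

    Ki is only ever used to answer a challenge; nothing here returns it,
    mirroring the tamper-resistant chip the thread describes.
    """
    imsi: str
    _ki: bytes = field(repr=False)

    def respond(self, rand: bytes) -> bytes:
        # RES = f(Ki, RAND): the network learns RES, never Ki.
        return hmac.new(self._ki, rand, hashlib.sha256).digest()[:8]


class HomeNetwork:
    """Carrier side: keeps its copy of each Ki and the current owner of each number."""

    def __init__(self) -> None:
        self._keys: dict[str, bytes] = {}   # IMSI -> Ki
        self._owner: dict[str, str] = {}    # phone number -> IMSI

    def provision(self, imsi: str, msisdn: str) -> Sim:
        """Issue a profile: generate a fresh Ki and bind the number to this IMSI.
        Any profile previously holding that number stops being its owner."""
        ki = secrets.token_bytes(16)
        self._keys[imsi] = ki
        self._owner[msisdn] = imsi
        return Sim(imsi, ki)

    def authenticate(self, imsi: str, msisdn: str,
                     answer: Callable[[bytes], bytes]) -> bool:
        """Challenge whoever claims this IMSI/number; `answer` maps RAND -> RES."""
        if self._owner.get(msisdn) != imsi or imsi not in self._keys:
            return False
        rand = secrets.token_bytes(16)  # fresh challenge every time
        expected = hmac.new(self._keys[imsi], rand, hashlib.sha256).digest()[:8]
        return hmac.compare_digest(expected, answer(rand))


NUMBER = "+15550100"             # constructed
VICTIM_IMSI = "001010000000001"  # constructed
OTHER_IMSI = "001010000000002"   # constructed


def legitimate_auth() -> bool:
    """The provisioned profile answers its own challenge."""
    net = HomeNetwork()
    sim = net.provision(VICTIM_IMSI, NUMBER)
    return net.authenticate(sim.imsi, NUMBER, sim.respond)


def recorded_exchange_does_not_transfer() -> bool:
    """Observing one RAND/RES pair does not let anyone answer the next challenge:
    the key stayed on the chip, so the profile cannot be copied from the air."""
    net = HomeNetwork()
    sim = net.provision(VICTIM_IMSI, NUMBER)
    seen: dict[str, bytes] = {}

    def tap(rand: bytes) -> bytes:  # passive observer of one exchange
        seen["res"] = sim.respond(rand)
        return seen["res"]

    net.authenticate(sim.imsi, NUMBER, tap)
    # A second run armed only with the recorded RES (no Ki) must fail.
    return net.authenticate(sim.imsi, NUMBER, lambda _rand: seen["res"]) is False


def reissued_profile_moves_the_number() -> tuple[bool, bool]:
    """The threat model the comment points at: the carrier issues a new profile
    for the same number. The old profile still holds a valid Ki but no longer
    owns the number; the new one does."""
    net = HomeNetwork()
    old = net.provision(VICTIM_IMSI, NUMBER)
    new = net.provision(OTHER_IMSI, NUMBER)
    return (net.authenticate(old.imsi, NUMBER, old.respond),
            net.authenticate(new.imsi, NUMBER, new.respond))


if __name__ == "__main__":
    print("legitimate:", legitimate_auth())
    print("recorded RES reused:", recorded_exchange_does_not_transfer())
    print("old/new after re-issue:", reissued_profile_moves_the_number())
```

The point of the model is where the control sits: the `Sim` exposes only `respond`, so nothing outside the chip ever sees Ki, while `provision` on the carrier side is the single place a number changes hands. That is why the defensive effort belongs at the provider's re-issue process rather than at the chip.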


I don’t know how you can say they can’t. The eSIM is just a number. An attacker can install it exactly the same way I did: I copy-pasted some numbers from an eSIM provider’s app.

I’m not talking about getting the number from the phone, but directly from the operator.


This is already a problem with regular SIM cards and people social-engineering customer support reps into getting their SIMs provisioned with other people's numbers.

Carrier incompetence will exist regardless of whether the SIM is physical or virtual.
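Since the exposure this comment describes is the provisioning path rather than the card, the practical detection is to watch for a number being re-provisioned and then, shortly afterwards, used for account recovery. The following is an added example, not from the thread or from any carrier's tooling: the log format, the sample lines and the two-hour window are constructed assumptions.

```python
"""Flag number re-provisioning that is quickly followed by account recovery.

Added example, not from the thread. The log format, the sample lines and the
two-hour window are all constructed assumptions; a real carrier or service
would substitute its own provisioning and authentication event feeds.
"""
from datetime import datetime, timedelta

WINDOW = timedelta(hours=2)  # assumption: how soon after re-issue counts
RECOVERY_EVENTS = {"otp_requested", "password_reset", "recovery_email_changed"}

# Constructed sample log: "<ISO timestamp> <event> account=<id> channel=<how>"
SAMPLE_LOG = """\
2024-03-01T08:00:00 otp_requested account=carol channel=app
2024-03-01T09:00:00 profile_issued account=alice channel=support_call
2024-03-01T09:12:00 otp_requested account=alice channel=sms
2024-03-01T09:30:00 password_reset account=alice channel=web
2024-03-01T10:00:00 profile_issued account=bob channel=self_service
2024-03-01T11:00:00 profile_issued account=carol channel=support_call
2024-03-01T12:00:00 profile_issued account=dave channel=self_service
2024-03-01T15:30:00 password_reset account=dave channel=web
"""


def parse_line(line: str) -> dict:
    """Split one log line into a dict with a real datetime under "ts"."""
    ts, event, *kv = line.split()
    rec = {"ts": datetime.fromisoformat(ts), "event": event}
    for pair in kv:
        key, _, value = pair.partition("=")
        rec[key] = value
    return rec


def flag_reprovision_then_recovery(log: str) -> dict[str, list[str]]:
    """Return {account: [recovery events]} for accounts whose profile re-issue
    was followed within WINDOW by a recovery event. Order matters: a recovery
    event before the re-issue is ordinary behaviour and is not flagged."""
    records = [parse_line(l) for l in log.splitlines() if l.strip()]
    reissues = [r for r in records if r["event"] == "profile_issued"]
    flagged: dict[str, list[str]] = {}
    for rec in records:
        if rec["event"] not in RECOVERY_EVENTS:
            continue
        for issue in reissues:
            same_account = issue["account"] == rec["account"]
            delay = rec["ts"] - issue["ts"]
            if same_account and timedelta(0) <= delay <= WINDOW:
                flagged.setdefault(rec["account"], []).append(rec["event"])
                break
    return flagged


if __name__ == "__main__":
    for acct, events in flag_reprovision_then_recovery(SAMPLE_LOG).items():
        print(f"{acct}: profile re-issued, then {', '.join(events)} within {WINDOW}")
```

On the constructed log only `alice` is flagged: `carol` requested a code before her re-issue, `bob` was never used for recovery, and `dave`'s reset falls outside the window. The `channel` field is carried through so a deployment can weight support-desk re-issues more heavily than self-service ones, which is exactly the path the comment names.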



