Vulnerabilities in the eSIM download protocol


Downloadable eSIM is replacing physical SIM cards in mobile phones. The GSM Association (GSMA) defines the consumer Remote SIM Provisioning (RSP) protocol that enables consumers to download SIM profiles to a secure element in their mobile devices. These profiles contain the credentials for authenticating the device and subscriber to the mobile network. The security of the downloaded profile is critically important for protecting mobile communication and billing, and various other applications depend on these credentials for user authentication. We modeled the protocol with formal methods and performed an in-depth analysis of its security properties. This talk presents the results of the analysis in an understandable form for security practitioners.

We will explain the RSP protocol architecture and the assumptions made in its design. We then present several realistic scenarios in which those assumptions might not hold, and the vulnerabilities that arise from them. One observation is that the dependence of the RSP protocol on TLS encapsulation creates unnecessary weaknesses. Another observation is that the trust model of the protocol assumes all download servers to be trustworthy, so the compromise of even one download server seriously weakens the protocol. Similarly, the protocol assumes that all secure elements in all mobile devices remain secure, so the compromise of a small number of devices can be misused to attack other devices and users. At the protocol design level, we show how the lack of pre-established identifiers contributes to these vulnerabilities. Additionally, we explain how the lack of reliable methods for verifying user intent to download an eSIM can lead to security failures similar to SIM swapping. We suggest improvements to the protocol and identify practical solutions for mitigating the vulnerabilities in current eSIM deployments.
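The abstract's point that trusting every certified download server, with no pre-established identifier for the one the device should be talking to, lets a single compromised server affect all devices can be illustrated with a small trust-policy model. The following Python is an added example written for this page; it is not code from the talk, the paper or the GSMA specification. It models the trust root with an HMAC-based toy issuer instead of X.509 public-key signatures, and the server names (`dp-a.example`, `dp-b.example`) and the assumption that the device learns its intended server's identifier out of band before the download are constructed for the illustration. It compares two device-side acceptance policies: accept any certificate that chains to the trusted root, versus additionally require that the certificate name the pre-established server identifier.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    """Toy server certificate: an identifier, key material and a root signature."""
    subject: str       # identifier of a download server (constructed hostname)
    pubkey: bytes      # constructed key material, opaque in this model
    signature: bytes   # issued by the trusted root


class Root:
    """Stands in for the trust root that certifies download servers.

    Signatures are modelled with an HMAC over a root secret (a toy; real
    deployments use public-key signatures), but the device-side question is
    the same: 'does this certificate chain to the root I trust?'
    """

    def __init__(self, secret: bytes) -> None:
        self._secret = secret

    def _tag(self, subject: str, pubkey: bytes) -> bytes:
        return hmac.new(self._secret, subject.encode() + b"|" + pubkey,
                        hashlib.sha256).digest()

    def issue(self, subject: str, pubkey: bytes) -> Cert:
        return Cert(subject, pubkey, self._tag(subject, pubkey))

    def verify(self, cert: Cert) -> bool:
        return hmac.compare_digest(self._tag(cert.subject, cert.pubkey),
                                   cert.signature)


def accept_root_only(root: Root, presented: Cert) -> bool:
    """Policy A: any certificate issued by the trusted root is accepted.

    The device holds no expectation about which server it should reach, so
    every certified server is interchangeable from its point of view.
    """
    return root.verify(presented)


def accept_bound_to_identifier(root: Root, presented: Cert,
                               expected_subject: str) -> bool:
    """Policy B: the certificate must chain to the root AND name the server
    identifier the device established out of band before the download."""
    if not root.verify(presented):
        return False
    return hmac.compare_digest(presented.subject.encode(),
                               expected_subject.encode())


def run_scenarios() -> dict:
    """Compare the two policies when one legitimately certified server is compromised."""
    root = Root(secret=b"constructed-root-secret")
    rogue_root = Root(secret=b"constructed-untrusted-secret")

    # Two download servers, both legitimately certified by the trusted root.
    cert_a = root.issue("dp-a.example", pubkey=b"key-a")
    cert_b = root.issue("dp-b.example", pubkey=b"key-b")
    # A certificate from a root the device does not trust at all.
    cert_forged = rogue_root.issue("dp-a.example", pubkey=b"key-x")

    # The device intends to download from dp-a.example (identifier known in advance).
    intended = "dp-a.example"

    return {
        # Honest case: both policies accept the intended server.
        "root_only/intended": accept_root_only(root, cert_a),
        "bound/intended": accept_bound_to_identifier(root, cert_a, intended),
        # A valid certificate of a different (assume compromised) certified server
        # is presented: policy A cannot tell it apart from the intended server.
        "root_only/other_certified_server": accept_root_only(root, cert_b),
        "bound/other_certified_server": accept_bound_to_identifier(root, cert_b, intended),
        # Certificate not issued by the trusted root: rejected under either policy.
        "root_only/forged": accept_root_only(root, cert_forged),
        "bound/forged": accept_bound_to_identifier(root, cert_forged, intended),
    }


if __name__ == "__main__":
    for case, accepted in run_scenarios().items():
        print(f"{case:36s} accepted={accepted}")
```

Under policy A the blast radius of one compromised server key is every device that trusts the root; under policy B it shrinks to the devices that were actually directed to that server, which is the effect the abstract attributes to pre-established identifiers. The same structure applies in the other direction to device-side certificates if the server likewise accepts any certified secure element.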

By:
Abu Shohel Ahmed | Dr, Aalto University
Tuomas Aura | Professor, Aalto University

Full Abstract and Presentation Available:
https://www.blackhat.com/eu-24/briefings/schedule/#vulnerabilities-in-the-esim-download-protocol-42505