So, even if the vulnerability (with insecure keys) is fixed, unless the architecture is changed, I suppose all SIM cards will remain wide-open to intelligence services -- as one would have to assume that they'd put quite an effort into getting their hands on a copy of these keys.
I had no idea that SIM cards executed code. I naively assumed they just contained hard-coded information, similar to a credit card. The fact that they execute Java applets blows my mind.
Since iOS doesn't run Java applets, would all iPhones be safe from this? Or does this mean SIM cards run some form of JVM and can be infected regardless of the phone OS?