Ask HN: Why are SIM cards still a thing?

230 点作者 glennos超过 8 年前

Using SIM cards in mobile phones seems antiquated. Should there not be a software solution that lets you select which network/s the phone should connect to?Feels like this is probably the result of telco networks wanting as much friction as possible to change providers, but is there something more to it?

46 条评论

JoachimSchipper超过 8 年前

The SIM card is a smart card, i.e. a secure piece of hardware, that protects the telephone network from the subscriber - most importantly, it ensures that the network has someone to bill.In most western countries, SIMs do little else; however, they are full application platforms, allowing stuff like Kenya's mobile payment network <a href="https://en.wikipedia.org/wiki/M-Pesa" rel="nofollow">https://en.wikipedia.org/wiki/M-Pesa</a>.For what it's worth, you really don't want to have every network provider negotiate with Samsung for the particular access policy of that network. "Not compatible with your telephone" indeed!

评论 #12830054 未加载

评论 #12829173 未加载

评论 #12831849 未加载

评论 #12829147 未加载

评论 #12830554 未加载

评论 #12829096 未加载

评论 #12829340 未加载

评论 #12831874 未加载

评论 #12832949 未加载

vidarh超过 8 年前

On the contrary, it is the result of a concerted effort to reduce friction.With SIM cards, users can switch to a new phone by just moving the SIM, or switch to a new provider while keeping their phone (assuming its unlocked) by just replacing the SIM.Prior to SIM cards phones where frequently programmed to be tied to a specific provider.A pure software solution could work, but requires the network operators to be able to trust the phone manufacturers to secure it well enough to not let end users change things in ways they're not supposed to (e.g. consider a hacker harvesting authentication details from phones). The SIM card is the simple solution.

评论 #12829349 未加载

评论 #12830472 未加载

kalleboo超过 8 年前

The actual reason it's still a thing is because changing how thousands of network operators work in over 200 countries is quite difficult to coordinate. Even Apple tried to push a soft-SIM and couldn't get it going.But I'm glad for it, because the foresight of the designers of GSM to put your private key in a smartcard has absolutely improved consumer choice worldwide. I can buy an unlocked phone, travel to any country, buy a SIM card at the airport and pop it in my phone and the GSM(/UMTS/LTE) standards say it must work.A software-based system will quickly devolve into a "oh we haven't approved this phone on our network, sorry we won't activate it" and other anti-consumer activities you saw on the ESN-registration-based US CDMA networks.Hopefully when the GSMA adds eSIM to the standard, they add protections for consumer choice, but in the current corporate climate I fear they won't.

评论 #12833283 未加载

评论 #12830694 未加载

评论 #12829733 未加载

jacquesm超过 8 年前

SIM: Subscriber Identity Module almost says it all, on top of that a SIM can store your contacts (up to a certain number).The SIM is what separates your identity from the hardware of the phone (which has its own identity called 'IMEI').A 'software solution' would need a carrier, that carrier IS the SIM.Another nice benefit of having the SIM device is that it makes it much harder to 'clone' a subscriber ID, something that would regularly happen in the days before the SIM card, note that the SIM was a development that came along with GSM, and that GSM was the first mobile phone standard resistant against cloning. It's one part of the 2FA (something that you have) that gives you access to the phone network (the other being the PIN code (something that you know) required to unlock the SIM).

评论 #12832282 未加载

评论 #12830582 未加载

评论 #12831231 未加载

aq3cn超过 8 年前

You know if that happen then flip phone users will have hard time because network will promote only high end selective phones. SIM card gives you freedom of putting it in $25 or $640 phone and it works just fine. People with security, budget and privacy concern go for flip phones. Just like net neutrality, phone neutrality is a good thing. One should never be forced to purchase smart phone if he does not want it. A dumb phone just works fine for calling and text messaging. I have never used internet on my phone and I will never be excited about it (3G 4G, 5G or anything). I carry my laptop everywhere I go and it serves my need well.I must add you can find flip phones cheaper than cost of lightening cables.

评论 #12829092 未加载

bizzleDawg超过 8 年前

'eSIM' is on the way to replace sim cards. The biggest challenge of 'downloading a sim card' to a secure enclave on a phone is of course security.The GSMA and members (i.e. telcos) have been working on secure remote provisioning. I think it'll take a while for the technology to make it in to consumer devices, though it's likely to be used in IoT relatively soon.It takes a long time to spec these things up collaboratively and then even longer for telco's to act on it!See: <a href="http://www.gsma.com/rsp/2016/04/27/esim-opportunity-operators-innovate/" rel="nofollow">http://www.gsma.com/rsp/2016/04/27/esim-opportunity-operator...</a> and <a href="http://www.gsma.com/rsp/" rel="nofollow">http://www.gsma.com/rsp/</a> (Warning: Lots of marketing BS)

评论 #12829149 未加载

i336_超过 8 年前

A form of this has existed for a while but never caught on for fairly understandable reasons.Quite a few years ago (2005?) a family member purchased a Samsung-branded dumbphone on a contract. (Monochrome LCD (something like 128x64?), polyphonic ringtones, 3 fixed games, a (really slow, GSM data) WAP browser; that was it. Model SGH-something, I vaguely recall.)It had no SIM card slot. It was locked to the network (Orange - in Australia FWIW) via software. In order to unlock it we had to call up the telco and go through some process, which we decided not to do in the end (whatever it was, I don't recall), since the phone had less capabilities than the Nokias that flood India and similar places, so we concluded there was no point selling it by the time we dug it out one day and tried to figure out what to do with it. (It's still buried in a box somewhere IIRC.)I think this is why SIM-less phones are reasonably rare - it's really, really hard to de-contract them, unlock them and put them into sellable (or whatever) condition. Then once you've done that the recipient has to go through some equally arcane process to get the thing linked to a plan/contract too. And considering the ability to pass a phone on is a fairly major selling point - phones aren't solely purchased [preconfigured] on plans, then disposed - I think this was explored somewhat by the industry but ultimately left alone.Some of the other things I've found in this thread are really interesting, although I wonder how difficult it is to "unconfigure" such a device to sell or pass it on.

评论 #12833044 未加载

mianos超过 8 年前

For some perspective, check electronupdate's recent 'decapping': <a href="http://electronupdate.blogspot.com.au/2016/10/decap-of-cell-phone-sim-card.html" rel="nofollow">http://electronupdate.blogspot.com.au/2016/10/decap-of-cell-...</a> It is not just a little block of secure RAM labelled a 'smartcard'. It contains as much CPU as a low end phone. Amazing.

评论 #12829097 未加载

ex3ndr超过 8 年前

Because they handle private keys that is soldered to chip and can't be retrieved at all. Before sim cards there was something in the phones that can be easily reprogrammed and you always have to walk to your carrier office to "program" your phone. Swapping of sim cards is much easier.

评论 #12829088 未加载

dismantlethesun超过 8 年前

> Feels like this is probably the result of telco networks wanting as much friction as possible to change providers, but is there something more to it?In 3rd world countries, people regularly swithch their SIMs as they travel across borders because no one has cross-country access. Taking a SIM out only uses up a minute of your time, and standizing on a hardwardware dongle like that is great because if company A goes out of business, you just grab a new SIM and stick it in.It's a bit harder in the US, where phones are locked to their providers, and you need IDs to buy SIMs but that's really all just a regulation issue, not a technical one.

评论 #12829095 未加载

mrb超过 8 年前

There are many poor design decisions in the cellphone infrastructure, but the SIM card is probably one of its best pieces.Broken phone? Pop the SIM card into another phone, and you can immediately make and receive calls & texts on the new phone using your phone number.If you had no SIM card, how would you authenticate yourself to the cell network (that's what the SIM card does)? Going online and then providing a username/password? This would be horrible security-wise as we all know people are terrible at picking secure unique passwords. So hackers could try to guess your password, then they would use your account, receives your calls & texts, and they could steal your cell data, causing you to receive large cellphone bills, etc. A total nightmare.

raverbashing超过 8 年前

> Feels like this is probably the result of telco networks wanting as much friction as possible to change providersNo, it is the opposite.It is exactly done like this so you only need to get the sim card and not need to have the operator decide for you (of course people shoot themselves in the foot by signing a long term contract while getting a locked mobile phone)

评论 #12829197 未加载

TorKlingberg超过 8 年前

I work in the industry. I somewhat agree with you, SIM cards are a hassle, and I hope they will go away at least partially.As for why you still need them, I see some reasons:1. The alternative may be worse. At least with SIM cards you can switch operator when you want (if the phone is not carrier locked, bleh), or use a local prepaid SIM when abroad.2. Inertia. Removing the physical SIM would require getting operators and phone manufacturers to coordinate.3. The IM card is what securely identifies the owner of a phone number, and makes sure they are not two phones with the same number. With a software SIM, if it is done wrong, you risk getting malware that steals your phone number.Personally, I think we will eventually see SIM-free data only connections without a phone number. You really should be able to buy an LTE tablet, get online and just pay for some data. Apples has been trying a bit with the Apple SIM, but it is US only, and only works with a few operators.

评论 #12831801 未加载

matheweis超过 8 年前

Personally I really appreciate the fact that providers have SIMs. Verizon (major network in the USA) used to NOT have SIMs, and it was a huge pain to change phones out. Now it's as simple as swapping out the SIM.I hear you that it should be doable in software, although I'd argue that if anything you should still need the SIM as a sort of second factor. (Otherwise you run the risk of people stealing your phone account remotely).

评论 #12830736 未加载

jlgaddis超过 8 年前

As others have pointed out, SIM cards are basically smart cards. There's PKI, private keys, the ability to perform mutual authentication (although that's not usually done, at least in .us), and much more.Honestly, I wish their use would expand into other areas of our lives -- replacing username and password combinations for various devices (working for an ISP, home routers are one good example).As much as I'm against the idea of a mandatory "national ID", I'm convinced that it will happen someday (in .us, where I live). When it does, I believe it'll be something similar to US DoD's CAC [1]: a physical identification card that doubles as a smart card. The private keys stored on the card will allow you to prove your identity to your banks/financial institutions, e-mail account (100% encryption of all e-mails? Yes, please!), and so on.[1]: <a href="https://en.wikipedia.org/wiki/Common_Access_Card" rel="nofollow">https://en.wikipedia.org/wiki/Common_Access_Card</a>

评论 #12829189 未加载

评论 #12829805 未加载

pmontra超过 8 年前

My 5 yo phone eventually died at the beginning of October. I put the SIM in my tablet and I kept going until I received the new one two days later. A pure software solution would have worked as well, but the SIM is an authentication token. 2FA are all the rage nowadays and if we went pure software I bet we'll have to use a separate token anyway.

atamyrat超过 8 年前

SIM card provides hardware-based, simple and secure authentication of subscribers to mobile network operators. Until manufacturers start to embed standardized secure element on all phones, alternative software based solutions (password, etc.) are more complicated and insecure.

smileysteve超过 8 年前

> Using SIM cards in mobile phones seems antiquated.In the U.S., LTE is the first time that CDMA phones have had sim cards, that's ~2 years ago.The software solution (using IMEI and PUK) is the old technology. It's less secure; verizon and sprint will charge you ~$40 activation fees, etc.

informatimago超过 8 年前

The software equivalent would be a TEE (Trusted Execution Environment), but it relies on hardware support. Only a few arm processors and a few Android phone support this option. Apple has its secure enclave, but you cannot download trusted application in it, only Apple can do that.A 100% purely software solution can be built based on white box encryption. It's slower and may be more easily attacked than a hardware protection (you never know if/when some genius mathematician or physician (quantum cryptographic attacks) breaks your encryption. But it has the advantage that it can run on all devices. cf. eg. <a href="https://www.trustonic.com/solutions/trustonic-hybrid-protection" rel="nofollow">https://www.trustonic.com/solutions/trustonic-hybrid-protect...</a>Then of course, there's the problem of key management and distribution thru software. Using a physical token has several good security properties. Replicating them in software (encryption) is difficult and error-prone. For end users, and service provides, it's much easier to swap a SIM card, than to install securely cryptographic keys and authentication tokens into his trusted execution environment even with the help of well written software.

bogomipz超过 8 年前

I think they are still a thing because of the following:1) One SIMs are a bit harder to tamper with than the OS of a phone which I am assuming would be the alternative to a SIM card i.e storing the same information on NAND flash accessible to the OS. SIMs have some threshold(it used to be 3) of unsuccessful attempts to read the card. A lock is activated and can only be unlocked entering the unlock code.2) Carriers can talk directly to the SIM - A "SIM" is basically a Java applet that runs on UICC(Universal Integrated Circuit Card - the smart card itself.) I think a lot of people don't know that SIMs run Java - well Java Card. This mean that they can remotely lock a SIM card to prevent it from further accessing their network. If someone stole my phone or even just my SIM card I could call my carrier and they could lock the SIM remotely and consequently unlock it. They can also use the SIM to push new PRLs - preferred roaming lists. This is generally called OTA or over the air provisioning.3)Convenience, if I use a pre-paid services with an MVNO or travel to another country and buy a pre-paid SIM while on holiday, I don't need to do anything else except insert the new SIM and power on the phone. What would the non-SIM card alternative look like? Its hard to imagine it being easier.4)Carrier-locked phones, such as what you get when you are under contract to a carrier. The way phones are locked is by having the phone only accept SIMs from the carriers network. An unlocked phone will accept a SIM from any carriers network.If anyone is interested this DEFCON presentation - "The Secret Life of SIM Cards", is pretty interesting:<a href="https://www.defcon.org/images/defcon-21/dc-21-presentations/Koscher-Butler/DEFCON-21-Koscher-Butler-The-Secret-Life-of-SIM-Cards-Updated.pdf" rel="nofollow">https://www.defcon.org/images/defcon-21/dc-21-presentations/...</a>

tscs37超过 8 年前

>Should there not be a software solution that lets you select which network/s the phone should connect to?If I recall correctly german ISPs are trying to find a solution there by embedding the SIM into the device and then branding it on changing provider.The problems SIM cards are (trying) solve is largely to "secure" the phone network. This mostly boils down who to send the large bill when shit goes fan. (The mobile network is pretty much non-secure, which is why SMS-2FA is not a good solution at all)(They're also technically a backdoor for your ISP to do whatever they want)Anyway, the reason SIM cards haven't died yet is probably because there is not much reason to replace them. They're tiny (so Apple doesn't kill it for half a millimeter of thickness) and pretty useful for the ISP to setup certificates and connection details.

评论 #12840707 未加载

frik超过 8 年前

At least one can change the SIM and can un-locked phones that dan be used all around the world and I can easily swap the SIM card. Why change it, it works great as intended and all software service solutions would mean a middle man is in the game - that would suck, right? (except you eant to be the middle man)

jaboutboul超过 8 年前

There is actually an eSIM (embedded sim) specification (<a href="http://youtu.be/mLouo2mYjAU" rel="nofollow">http://youtu.be/mLouo2mYjAU</a>) that was released quite a while ago by the GSMA and its mostly up to the device manufacturers and carriers to implement it now.It lets you virtually subscribe to a network, so for example if you're traveling, you don't need a local card just pop up some software and choose a new network.Apple already has some devices that implement it, AFAIK, the iPad Pros use this. Apple calls it Apple SIM (<a href="https://techcrunch.com/2016/03/23/explainer-alert-heres-what-the-ipad-pros-embedded-apple-sim-means-for-you/" rel="nofollow">https://techcrunch.com/2016/03/23/explainer-alert-heres-what...</a>)

Razengan超过 8 年前

> Should there not be a software solution that lets you select which network/s the phone should connect to?Apple have begun a limited initiative towards just that: <a href="http://www.apple.com/ipad/apple-sim/" rel="nofollow">http://www.apple.com/ipad/apple-sim/</a>Telephone and internet connectivity should really be like electric supply and other utilities. We should be able to connect wherever we are and pay as-we-go through our device.As an interesting aside, here's look at just how complex SIMs are: <a href="https://news.ycombinator.com/item?id=12674846" rel="nofollow">https://news.ycombinator.com/item?id=12674846</a>They are practically equal to the computers we were using 30 years ago!

roaming_taco超过 8 年前

The concept of SIM cards will slowly fade over time as M2M/IOT devices start to emerge as consumer oriented products, devices will become more oriented around "SoftSIMs" and other embedded or virtual SIM products. The ability for IOT products to move across multiple networks will become a big aspect of the IOT, you need full redundancy and reliability when your product can never be offline.Why would I want a SIM card with one IMSI on it when I can have a SIM card with up to 20 IMSIs from various networks all around the world, or even better the ability to constantly swap and trade IMSIs from various networks, new connectivity set everyday. A global community calls for global connectivity.

trprog超过 8 年前

>Feels like this is probably the result of telco networks wanting as much friction as possible to change providersI don't understand how you came to this conclusion.I move between networks very regularly due to frequent travel to different countries. Pulling out your old sim card and putting in a new sim takes maybe 2 minutes. You are then immediately off your old network and on the new network. Once you have the sim in your possession you don't need to talk to anyone, fill in any details, log into anything or even remember anything.Short of some process that is 100% automatic I can't imagine a more low friction process.

评论 #12830415 未加载

mschuster91超过 8 年前

Yes, security and flexibility.1) Security: telco laws these days often require registration of accounts to your personal ID (i.e. no anonymous usage any more). How would a pure soft-SIM be able to fetch the data from the network?2) Flexibility: SIM is pretty much standardized. This means a newcomer MVNO just has to issue SIM cards and the customer can use any kind of phone (or other interface, like a modem, a 2G/3G shield, ...) to use the network. And if a device breaks, then the SIM card usually stays intact and can be placed in a new device. Not sure how to securely do this with a soft-SIM.

评论 #12829051 未加载

JoshTriplett超过 8 年前

SIM cards make it easy to change phones, by moving the SIM card to a new phone. CDMA phones make this hard, and sometimes impossible. They also make it a little easier to change carriers, since you can just switch the SIM card. It'd be even easier to switch if phones had that functionality built-in, so you could sign up for a new carrier and switch entirely via the phone, but in that case I think you'd find that carriers frequently broke that functionality.

rxbudian超过 8 年前

It's probably to prevent multiple phones using the same number. Some network infrastructures are quite old and supports only the basic protocols. Even inside a single Telco company, the hardware is most likely very diverse. That means any new technologies must be backwards compatible to allow the new phones to use the old infrastructure. Checking whether a phone number has already been 'logged in' in another Telecommunication company's network takes a lot of coordination, and it has to be able to do that globally, in a very short time (a few seconds at the most). Then they have to deal with what should be done if the legitimate phone owner is the one that could not log in (Ie, someone actually used your number somewhere else) etc...etc... it's opening a big can of worms to get this going.

alien3d超过 8 年前

Easy to switch telco . Easy to change phone if one out of juice,i do find power bank kinda hassle sometimes to carry around and charge the out of juice phone

droopybuns超过 8 年前

OEM software quality is so diverse that they can't be trusted to execute something as sensitive as identity.It also is a classic telco hedge.Step 1) We need towers to make this thing work. Let's build towers.Step 2) These towers are super expensive and make the expense amortization complicated. Let's sell the towers and then lease from the buyer.Step 3) oh crap. There is no encryption and people are cloning handsets. Let's use SIM cards to separate sensitive operations from the rest of the device.Step 4) manufacturing sims is complicated. Let's buy sims from other suppliers and make them sign off on unlimited liability clauses if their identity solution is compromised.It is all about two things: Preventing a single player from having too much power on the ecosystem and transferring financial risk. There is no evil plan. It's all rather mundane.

maxerickson超过 8 年前

Locking devices to networks (as US telcos do) makes it harder to switch providers than swapping a $5 SIM.Same with switching devices and keeping a provider. Using a SIM, takes about a minute. Not using a SIM? Call them or whatever, maybe pay a fee.

akytt超过 8 年前

Because of a power struggle between os vendors, hardware makers and telcos. The SIM provides a neutral way for them to coexist. Also, this decouples a lot if certification. A SIM and a phone are easier to work with than a phonesim

sdevoid超过 8 年前

Can someone explain the appeal of so-called "slim SIMs"? As I understand it, this allows you to load two accounts on a single device? And carriers don't like this aspect---or is it a security concern on their part?It amuses me that these slim-SIMs, and SIM cards in general, are one of the few pieces of technology that are utterly opaque to the user and yet are so widespread.Edit: For example, I recently upgraded to an iPhone 7, at the Apple store. This required a new SIM card, but the salesperson was very careful to return the old SIM card to me. Why? What am I supposed to do with this old SIM card?

KON_Air超过 8 年前

I think it is more of a traditional security approach of "pairing hardware with hardware" and a case of "not fixing what is not broken" instead of making consumers suffer. It just works.

评论 #12829327 未加载

xaduha超过 8 年前

Have you done any research at all into the topic?Here I am, asking myself why smartcards aren't so hot in modern 'hacker' community...

Dwolb超过 8 年前

There are some solutions out that are in software that are "eSIM" which allow devices to switch carriers through an OTA update.Also see a company called SIMless.There's a lot of market momentum around SIM cards and it keeps a telco's offering really sticky. It is more effort for people to swap hardware instead of software.

评论 #12829058 未加载

foobarqux超过 8 年前

Soft-SIM makes it trivial to sign-up for new mobile plans. This doesn't matter much domestically (maybe it does for multisim or cart abandonment) but it does internationally because of high roaming fees, which are a revenue stream carriers don't want to give up.

grymoire1超过 8 年前

The SIM smartcard is a cryptographic device that prevents people from stealing/copying/hijacking/cloning other phones/accounts/billing/credit/etc.Each SIM has a unique ID that is used to track/bill/identify your phone.

评论 #12829206 未加载

threeseed超过 8 年前

If you have an iPad there is already a software solution: <a href="http://www.apple.com/ipad/apple-sim/" rel="nofollow">http://www.apple.com/ipad/apple-sim/</a>It contains what is known as a remote provisioning SIM: <a href="https://www.gsmaintelligence.com/research/?file=81d866ecda8b80aa4642e06b877ec265&download" rel="nofollow">https://www.gsmaintelligence.com/research/?file=81d866ecda8b...</a>So clearly the only thing stopping the industry is the telcos who would very much like to make it as difficult as humanely possible for you to switch carriers. Especially in the US where there is a lot of competition and hence high churn.

评论 #12829100 未加载

ndesaulniers超过 8 年前

Esim is on the way. On mobile currently, but you should look it up.

nik736超过 8 年前

Xiaomi offers a Virtual SIM for years now. [0][0]: <a href="http://en.miui.com/thread-146080-1-1.html" rel="nofollow">http://en.miui.com/thread-146080-1-1.html</a>

评论 #12830858 未加载

RandyRanderson超过 8 年前

After Apple "broke the back" of the telco monopoly with their 2007 5-year deal with AT&T[0] it's been a slow progression in North America to the European-style subscriber-owned phones that are compatible across most networks.I, and many others were surprised at that deal because, up to that point, ppl had essentially carrier-owned phones and long contracts that locked subs (subscribers) to their network. This deal would allow ppl to install any software from the app store without telco approval.Telcos see the SIM card as their last beachhead. They are looking for at least 2 revue streams from this NFC SE (Secure Element)[1] real estate:1 Identity verification - Telcos rent "space" on the SE on which you store health cards, passports, driver's licenses, etc. 2 Cards - Telcos rent "space" on which you store credit, gift, debit cards.Carriers and Issuers (the bank that issues your credit card) are now fighting over that potential revenue stream (spoiler: it's tiny) while Apple has gone and deployed it with Apple Watch et al and is making a cut of the transaction fee. In contrast, the transaction fee is a huge stream however one can imagine the fun of negotiating a contract between all the parties involved (likely all multibillion dollar companies with teams of lawyers).Apple had tried to push a software SIM (containing a SE) but the carriers, from their POV, rightly and vigorously fought and will continue to fight against that[2]. Google is also trying with Android Wallet/Pay/...I suspect Apple will eventually use the same "wedge" approach with one of the US carriers and the others will fall in line.[0] <a href="https://www.engadget.com/2010/05/10/confirmed-apple-and-atandt-signed-five-year-iphone-exclusivity-de/" rel="nofollow">https://www.engadget.com/2010/05/10/confirmed-apple-and-atan...</a> [1] <a href="https://en.wikipedia.org/wiki/Near_field_communication#Applications" rel="nofollow">https://en.wikipedia.org/wiki/Near_field_communication#Appli...</a> [2] <a href="http://www.thememo.com/2015/07/30/five-years-on-apples-battle-to-kill-the-sim-card-is-nearly-over/" rel="nofollow">http://www.thememo.com/2015/07/30/five-years-on-apples-battl...</a>

noja超过 8 年前

<paranoid mode> What possible harm could a non-optional mini computer do to your phone?

markgamache1超过 8 年前

Why is asking a forum and not just googling still a thing???

评论 #12831936 未加载

gok超过 8 年前

Regulations.