Embedded SIM Design Means No More Swapping Cards

judgecorp writes "A new remotely-programmable embedded SIM design from the GSMA operators' group means that devices can be operated on the Internet of things and won't have to be opened up to have their SIM card changed if they move to a different operator. The design could speed up embedded applications."

why?

why is this needed?

Re:why?

Because nano-sim is too big for Apple users because it's still bigger than their penises.

Re:why?

[viperidaenz]

waterproof phones? My Motorola Defy is good and all, but those rubber plugs and the seal around the battery cover can only take 1M of water pressure.

Re:why?

[Cimexus]

Well one reason I would like this is that the nano SIMs in a lot of current phones are simply too tiny to easily change while on a plane. I travel for work to several different countries and have a local SIM for each. Trying to manipulate and swap out those tiny SIMs while cramped up into an aeroplane seat sucks.

I could wait until I arrive I suppose, but it's something useful to do while you have dead time on the plane, plus there usually isn't a good place to do it when you arrive and are herded into the immigration/customs area of the airport. It's useful to have the local SIM in and working soon as you hit the ground so you can catch up on any important emails, check for schedule/gate changes for your next connecting flight etc.

Re:why?

[maliqua]

so you think it will be easier and more painless to have to call your provider each time you want to switch to activate it?

i'll take fidgeting with a small sim card over dealing with a call center

Re:why?

[Charliemopps]

the rubber isn't there to protect the sim card... unless they permanently embed the battery, you're still in the same boat.

Re:why?

[inasity_rules]

I think the issue occurs when one is out of the boat here.. In the boat is fine.

Re:why?

[Wycliffe]

Not only why? But I don't want it. This seems like a huge step backwards for consumers. One of the great things
about GSM vs CDMA is the ability to move a phone from carrier to carrier or a number from phone to phone. I don't
want an embedded sim that only the carrier can change and I can't swap to a different handset or carrier. Some
things I routinely do are swap a sim when in a foreign country or put my sim into an old cheap phone when I take
it to the beach or if my phone is acting up, dies, or needs to be charged.

Re:why?

[poetmatt]

Not only that, but imagine what happens when they refuse to assist you in switching?

When you have a physical sim you can swap it yourself. You have no such choice if you don't have control over the sim.

This is actually a very large loss to phone users unless you can reprogram it yourself.

Re:why?

[poetmatt]

So that you have to replace your entire phone if you have a bad sim.

I'm not sure how that's a good thing, but I'm guessing the carriers didn't think about that.

Re:why?

[ArcadeMan]

Yeah but if you're still in the same boat then you're on water and still need a waterproof phone, so you're back to square one.

Re:why?

I think I hear "vendor lock in" calling .

Re:why?

[JustOK]

But what if he's in one of those boats that go under water? You know, what do you call them? Sunk. That's it.

Re:why?

[R.Mo_Robert]

Not only why? But I don't want it. This seems like a huge step backwards for consumers. One of the great things
about GSM vs CDMA is the ability to move a phone from carrier to carrier or a number from phone to phone. I don't
want an embedded sim that only the carrier can change and I can't swap to a different handset or carrier. Some
things I routinely do are swap a sim when in a foreign country or put my sim into an old cheap phone when I take
it to the beach or if my phone is acting up, dies, or needs to be charged.

Good thing it isn't intended for consumers, then. Look, I know this is Slashdot and it isn't cool to RTFA, but, really, from TFA:

Despite the convenience of over-the-air management, the GSMA says the embedded design is not meant to replace conventional SIM cards, even though this exact idea was floated when ETSI was deciding on the future of the nano-SIM in 2012.

Re:why?

[neokushan]

I know he was trolling, but he never said it was too heavy...

Re:why?

[viperidaenz]

The rubber plugs are for the USB and headphone sockets.
When was the last time you saw an iPhone with a MicroSD card slot or replaceable battery?
If there was no MicroSD card, SIM card and no replaceable battery, there would be no need for the removable back cover, that tends to fall off every now and then after two years of use.

Head phones can be replaced with bluetooth, charging can be done wirelessly, plugs can be made water proof.

The mic, speaker and vol/power buttons are already waterproof.

Re:why?

Just because it's not meant to doesn't mean it'll never happen.

Re:why?

RTFA. They're not talking about phones; they're talking about assorted Internet-of-Things devices--how your toaster and your microwave talk to your Roomba.

Do you want your smart electric meter to stop talking to your electric company because they're switching network standards and don't have time to send a technician to change SIM chips in every meter in the city? With this, your meter can be reprogrammed to connect to an updated network without a service call to your house.

Of course, if someone hacks the network and reprograms your meter, that's bad. But don't we have the same risk now? And if this allows your electric company to update your meter to a more secure protocol on the fly, that's a good thing, isn't it?

Re:why?

[mrchaotica]

And FISA wasn't "intended" to allow the NSA to spy on Americans. But you can see how that worked out!

Re:why?

[VernonNemitz]

I'd say it is not needed. Because anything described as "remotely programmable" means "remotely abuse-able". Botnet operators will love it.

Re:why?

[PPH]

You can't fiddle with your cell phone on a plane anyway. You could cause it to crash.

Re:why?

[CreatureComfort]

I use Windows Phone, it crashes anywhere *you insensitive clod*.

Re:why?

[cheater512]

I think you'd have bigger problems unless your emergency plan is to use your mobile to call for help.

Re:why?

[puto]

My Defy has gone down 20 feet with no problem.

Re:why?

[Hentes]

That much water would block the signal anyway, what's the point of bringing a phone underwater?

Re:why?

[Jane+Q.+Public]

"I'd say it is not needed. Because anything described as "remotely programmable" means "remotely abuse-able". Botnet operators will love it."

My thoughts exactly.

If I buy a phone, I want it to be MY phone. I don't want or need "remotely programmable" bullshit. I am so tired of this kind of garbage I can hardly put it into words.

Re:why?

[nospam007]

" I don't want an embedded sim that only the carrier can change ..."

They wish.

Re:why?

[neokushan]

What, like all modern smartphones?

Re:why?

[CohibaVancouver]

Did you even RTFA? This is for the 'internet of things' - Imagine you want to move the anti-theft system in your motorcycle from carrier A to B. Or a city wants to move their digital parking meters to a cheaper carrier. Instead of needing to move a physical SIM you could do is online.

Or an online watch, where there are advantages to having it sealed up, with no SIM slot. Heck even with a 'phone' it's useful. Imagine you arrive in Hong Kong at midnight and you want to move your phone to Vodaphone. You don't have to seek out some store and buy a SIM - Just happens presto.

Re:why?

[ArhcAngel]

Did you even RTFA? This is for the 'internet of things' - Imagine you want to move the anti-theft system in your motorcycle from carrier A to B. Or a city wants to move their digital parking meters to a cheaper carrier. Instead of needing to move a physical SIM you could do is online. Or an online watch, where there are advantages to having it sealed up, with no SIM slot. Heck even with a 'phone' it's useful. Imagine you arrive in Hong Kong at midnight and you want to move your phone to Vodaphone. You don't have to seek out some store and buy a SIM - Just happens presto.

Imagine all of those scenarios except the person/entity making the changes isn't the owner.

Re:why?

[MiniMike]

To take cruddy underwater pictures?

I always thought that the main benefit of waterproof phones is not to enable underwater use, but to protect against accidental plunges.

Re:why?

[ScooterComputer]

Carriers will love it too, since they'll once again make the device owner beholden to them for the "magic keys".

Re:why?

[Obfuscant]

Heck even with a 'phone' it's useful. Imagine you arrive in Hong Kong at midnight and you want to move your phone to Vodaphone. You don't have to seek out some store and buy a SIM - Just happens presto.

When I travel with my phone, I don't even want to turn it on before I put in a new SIM for the local system. Turn it on, it registers with the local carrier and your home carrier starts forwarding calls to it -- at international rates.

I certainly don't want "presto" reprogramming my SIM. I don't want to have to call my home carrier to tell them to move it to X, and then X to have them move it back, and have one or both of them charge me for the privilege of screwing it up so I have no working phone at all. No thanks. That's one of the benefits of having GSM versus whatever. The phone is the SIM, and I can carry more than one to be more than one thing. And I can use the second SIM in my backup phone without it costing me a second plan on both carriers.

Re:why?

[JustOK]

Well, maybe post to Twitter

Re: why?

[RyuuzakiTetsuya]

You mean like with current GSM setups? If the operator doesn't like you they can just zap your IMEI or any other identifiers.

Re:why?

[viperidaenz]

So if it gets wet it doesn't stop working.

Re:why?

[anagama]

Exactly how many bars of service do you get under any significant depth of water? How garbled is the voice stream?

Randomly googling, check out the third response:
http://www.scubaboard.com/forums/archive/index.php/t-290525.html

Re:why?

[TeknoHog]

waterproof phones? My Motorola Defy is good and all, but those rubber plugs and the seal around the battery cover can only take 1M of water pressure.

Oh yeah? Well mine can take 55.56 M of water concentration. I'm not sure about the pressure/depth though...

Re:why?

[Jane+Q.+Public]

This.

It's YOUR phone. You should be able to do anything you want with it, and use it with any carrier of your choice. I see no justifiable reason why "someone else" should have control over ANY kind of "remote" control over it.

As I wrote to someone else: that's trading freedom for a little bit of convenience. In the long run, that will turn out to be a bad trade almost every time.

Re:why?

[anagama]

The thing is, everyone makes their phones as thin and dense as possible. Which means they sink like a stone. A couple months ago, I watched a person pull a stocking hat out of his coat pocket ... the same pocket his iPhone was in ... a fraction of a second later, there's a sickening little splash sound and a short time after that, the realization that his phone had become lodged in marina muck under 15 ft of saltwater. Unless the phone floats, accidental plunges only protects against toilets and mud puddles.

Re: why?

[Jane+Q.+Public]

True, there's not much you can do about IMEI. But "other identifiers" can be flashed to different values.

Re:why?

[Jane+Q.+Public]

Bit of an edit blip there. But I think what I meant was clear enough.

Re:why?

[CohibaVancouver]

Further, why would you want your "internet of things" to operate via telephone towers and telephone carriers?

What else would your motorcycle use? Parking meters? Your burglar / fire alarm? Telemetry at a natural gas junction? Traffic sensors? The wrist band to track granny when she has Alzheimer's? The "Next Bus" sigh at your local bus stop?

...and that's off the top of my head in 30 seconds. I'm sure there are many more.

Look out the window...

Re:why?

[petermgreen]

I'm not convinced of that. Swapping a sim is something I can do myself quickly and easilly/. ill I be able to reprogram these myself or will I have to call up one or possiblly both of the carriers involved and ask them to do it? how long will that take? hours? days? will scummy "virtual carriers" be able to "hijack" devices and bring them onto their "network" without the owners permission? will it be reasonablly possible to transfer a device between carriers in different countries?

Re:why?

[FatLittleMonkey]

That much water would block the signal anyway, what's the point of bringing a phone underwater?

So that you have a phone when you surface a few miles from the dive-boat. (Or when the dive boat captain http://en.wikipedia.org/wiki/Tom_and_Eileen_Lonergan">miscounts divers and leaves.) You'd be surprised how far out to sea you can get at least emergency coverage.

Re:why?

[aaronb1138]

This is stupid. Moving a physical token is easier, faster, and more intuitive than digging around for credentials to some website or worse yet, dealing with your mobile provider to transfer an account. It's nice to know if my phone breaks, I can grab my previous model on the spot and shove the sim in and have a working phone without trying to deal with the provider. Even more so if I am playing with ROMs and hacking away at a couple pieces of hardware.

Doing things online to physical devices is usually slower, less efficient, and less intuitive.

Re:why?

This isn't designed for use with phones, its meant for machine to machine communications. Article is very clear on this point.

Re:why?

[FatLittleMonkey]

what happens when they refuse to assist you in switching?

Or charge you for the service. Essentially it's like locking the handset or device to a provider. It effectively eliminates "unlocked" devices, and allows major providers to significantly undermine cheap prepaid service resellers.

Re:why?

[Miamicanes]

Apparently, other carriers learned nothing from the total well-deserved hate Sprint took over the Photon Q's "sealed SIM" that locked you into their rip-off roaming rates when outside the US on GSM networks.

In the end, the Photon Q was one of the worst-selling phones in Sprint history. The sealed SIM was such a staggeringly huge anti-feature, even people who didn't CARE about international travel wouldn't even give it a second glance once they found out about it.

Re: why?

[OnceWas]

This would be hugely useful for remotely deployed ship-based (operating near shore) sensors which use cell networks to send back readings. For security and environmental reasons, the sensors are sealed boxes with no physical access to what's inside, including the SIM. What happens if the device is moved to another carrier's coverage area, or another country? What happens if the current carrier goes under, or they jack up their rates, or change their roaming policies? Right now, a carrier going under would brick the device.

Additionally, think beyond phones, as TFA implies. Physical access to a SIM is a security risk in itself. I would rather restrict phyical access to the SIM, and have password restricted access to a reprogrammable SIM than have my sensor drop off the air, or start sending readings somewhere else altogether.

Re:why?

[mcgrew]

My Kyocera Edge is the same way, 1m. But it isn't "waterproof" so you can scuba dive with it, it's so if you drop it in the sink or toilet or get caught in a pouring rain it won't be ruined. I've lost two phones like that, one dropped in a sink and one when I was caught in a downpour. I started carrying a baggie in my wallet after that, now I don't have to. If it gets wet, no problem.

Re:why?

[mcgrew]

I don't know about his Motorola but I imagine it's like my Kyocera; the battery is protected by a rubber seal.

Re: why?

Not true at all... Android phones with the MediaTek chipset includes utilities for re-writing IMEI (SIM slot) and IMSI (SIM card) identifiers in the Engineer Mode utils, accessible by punching *#*#3646633#*#* into the phone dialler...

Re:why?

[Jane+Q.+Public]

"What else would your motorcycle use? Parking meters? Your burglar / fire alarm?"

... WiFi? Bluetooth? Maybe via YOUR PHONE?

Re: why?

[Jane+Q.+Public]

I knew IMSI could be overridden, but I didn't know IMEI.

Re:why?

[gl4ss]

I'd rather not have the toaster talk to my tv through the isp....

if the virtua-sim was some credentials to network or something like that.. sure, fine. but then they wouldn't need to make a big deal out of it really.

the reason people don't like is this that whoever runs the over-network for configuring these things gets too much power and can decide on lists of devices where you can't change the sim... ..so curious how this pops up on the market about the time cdma is about to die.

Re: why?

[ArhcAngel]

The operator IMO would be considered an owner of the service. I was referring to third parties not affiliated with either the device or service.

Re:why?

[AmiMoJo]

I use these SIMs at work and they are nit really designed for phones. I use them in embedded applications. We can build them in at the factory, no need to worry about what part of the world the device is going to or fiddling with unreliable SIM sockets. They come with a few kb of free data for testing.

When the customer gets our product (a data logger or remote sensor) they tell us where they are using it and we set the SIM up remotely to use a local service provider. We can also things like signal strength tests and tell them if there are problems with a deployment.

SIM management is a lot of work for our customers so they love these things. They are more reliable too.

Re:why?

[AmiMoJo]

I use these at work. You get a web site that lists all your SIMs, how much credit they have, what network they are on etc. You can do things like set them up to connect to the cheapest network, unless the signal is bad in which case use a more expensive one. All in batches too.

It is much easier than managing physical cards. Most companies don't use contract SIMs, they have to add credit manually when needed. When you have 10,000 devices it needs a lot of work to manage them.

Re: why?

[MeNeXT]

You can change/flash the IEMI.

Re:why?

[JustOK]

Use sms to post to twitter

Re:why?

[Hognoxious]

Quite. I'd be surprised if some spotty little herbert in Vilnius hasn't hacked it already.

Re:why?

[DarwinSurvivor]

This is actually what I was thinking. Have the phone store as many SIM's as you need with a software tool to switch between them. When signing up for a new provider, they could have you touch an NFC terminal or scan a QR code to save a new SIM into your phone.

The problem with this is that it becomes complicated if you want to do the equivalent of using a sim card in multiple phones. I'm not sure what the network would do (in technical terms) if 2 devices tried to use the same SIM identifier at the same time. If they don't let you store the same SIM in multiple devices, it would be more difficult to switch to a new device because you would need to put all the SIM's into the new phone (which with QR's could potentially be done through the provider's website).

Re:why?

[tragedy]

This is needed because Douglas Adams was a genius. From _Mostly Harmless_:

It was an Ident-i-Eeze, and was a very naughty and silly thing for Harl to have lying around in his wallet, though it was perfectly understandable. There were so many different ways in which you were required to provide absolute proof of your identity these days that life could easily become extremely tiresome just from that factor alone, never mind the deeper existential problems of trying to function as a coherent consciousness in an epistemologically ambiguous physical universe. Just look at cash point machines, for instance. Queues of people standing around waiting to have their fingerprints read, their retinas scanned, bits of skin scraped from the nape of the neck and undergoing instant (or nearly instant --- a good six or seven seconds in tedious reality) genetic analysis, then having to answer trick questions about members of their family they didn't even remember they had, and about their recorded preferences for tablecloth colours. And that was just to get a bit of spare cash for the weekend. If you were trying to raise a loan for a jetcar, sign a missile treaty or pay an entire restaurant bill things could get really trying.

Hence the Ident-i-Eeze. This encoded every single piece of information about you, your body and your life into one all- purpose machine-readable card that you could then carry around in your wallet, and therefore represented technology's greatest triumph to date over both itself and plain common sense.

I mean, what kind of sad, pathetic, ridiculous version of the future do we live in where drooling morons get to present us with the brilliant idea of a "Subscriber Identity Module": now permanantly embedded into the device for your convenience!

What could possibly go wrong.

[jellomizer]

Compared to a hard wired chip, we got something controlled by software. And a lot of Devices that likes to be jail braked.

Re:What could possibly go wrong.

[Carewolf]

The point is that in many places it is not legal to put in a phone "in jail" in the first place. So if they want to get rid of physical SIM card they need a non-physical way of changing the phone to a different provider on the fly.

Re:What could possibly go wrong.

[Em+Adespoton]

This... right on the heels of Embedded cameras that can spy without lighting up due to the same switch from "what you have" to "what you know (which can be reprogrammed)."

Re:What could possibly go wrong.

[Em+Adespoton]

The point is that in many places it is not legal to put in a phone "in jail" in the first place. So if they want to get rid of physical SIM card they need a non-physical way of changing the phone to a different provider on the fly.

But that's not the point... that's the result. The question is: Why do they want to get rid of a non-programmable security chip in the first place? This means that every device shipped could be reflashed with a custom keyset anywhere along the distribution path, or even after final sale. What with China slipping wifi-enabled attack bots into regular home appliances (like toasters and irons) delivered to Russia, it wouldn't be too difficult to totally reconfigure someone's internet of things to a similar end. This reminds me of the wireless "security" cameras that used to broadcast the video signal in the clear for anyone to view.

Sounds good in theory...

[langelgjm]

Sounds good in theory, just so long as the "remote provisioning" can be handled by the user of the device, and the user doesn't have to ask permission from anyone.

Re:Sounds good in theory...

[tysonedwards]

Considering that they explicitly say: " ... remotely assigned to a network. This information can be subsequently modified over-the-air, as many times as necessary.", odds are that this will be a repeat of the procedures followed on CDMA networks where it is entirely the Carrier to take care of a change, and who can choose not to should they not sell/support the device you wish to use.

Re:Sounds good in theory...

[master5o1]

I'd like it as if it was just:

Settings > Networks:
Set phone network to use.
Set phone number to use (identity on the network).
Set passphrase to use (probably a key given by the network, like PUK code).
Connect to network.

Ooooo OAuth2 like would be interdasting.

Re:Sounds good in theory...

[icebike]

Sounds good in theory, just so long as the "remote provisioning" can be handled by the user of the device, and the user doesn't have to ask permission from anyone.

Don't be silly, it is precisely that capability which the carriers want to eliminate.
There is nothing wrong with SIMs. You know when you change out your sim card that your ties with the prior carrier are interrupted. Who knows what information this scheme will provide to your prior carrier, or government monitors.

This seems more likely to provide protection for Government wire tapping than any benefit to the user.

Re:Sounds good in theory...

[Charliemopps]

It's a bit more complicated than that since all the carriers in the US use wildly different frequency bands. I've got a Lenovo S750 (waterproof and all that) thatI love, but can't get over 2G speeds due to all the spectrum issues in the US. Also, it has TWO sim cards so I can be on multiple networks at once. Lucky for me I'm usually in range of wifi so its not really a problem. Streaming pandora while I drive down the road is about the only thing I miss, and I didnt do that much anyway.

Re:Sounds good in theory...

[fisted]

OAuth2 like would be interdasting.

Would it? Well, OAuth's lead designer politely disagrees

Re:Sounds good in theory...

[master5o1]

And I thought phones these days were packed with multi-frequency band capabilities to allow that crap.

Or at least to make it cheaper for device manufacturer by selling one phone capable for all networks. But hey, I don't know the US mobile landscape.

Re:Sounds good in theory...

[bill_mcgonigle]

Don't be silly, it is precisely that capability which the carriers want to eliminate.

Yeah, if *you're* not controlling the access to the SIM module, then *somebody else* is. If anybody can think of a secure way to make this happen without the user losing control, please leave a comment.

Re:Sounds good in theory...

[Miamicanes]

I hate to break it to you, but frequency bands are the LEAST of our problems. Google "LTE Lock-in" and read the tales of misery about how even two nominally-GSM networks (AT&T and T-Mobile) have managed to make themselves almost as proprietary & hardware-locked as Sprint & Verizon, unless you're willing to live without LTE. As of this moment, there's ONE (maybe two... not sure about the Nexus 5) phone(s) known to be capable of doing LTE on both AT&T and T-Mobile (the HTC One... IF you buy the special Google Edition; the carrier-branded variants are LTE-locked at the radio modem level EVEN IF you remove the SIM lock).

Leave it to American mobile phone networks to find a way to pwn even GSM.God forbid, if Sprint ends up being allowed to buy T-Mobile, they'll probably program their new tower hardware so it refuses to talk to phones with SprinT-Mobile SIM card unless the ESN is in their holy database of carrier-branded phones.

Huh...

If you don't take it out. And don't change it.

Why even have it at all?

You made it a useless part. Remove the useless part.

Re:Huh...

[PPH]

Good point. But I take my SIM out and change it quite often. A few times a year when I travel. And every couple of years when I upgrade my phone.

Re:Huh...

[FatLittleMonkey]

I think he's saying that if the sim-module can't be removed, how is it different from the existing IMEI module? In which case, why not remove it entirely and just use the existing handset/device IMEI identification? (Since you will have to ask the provider to please-sir let you access the remote-sim function, why not push it onto the provider side anyway?)

[I hate the idea. I've recently had to swap sims back and forth between handsets for an ageing parent, trying to find one they can use, retrieve their data, etc, when their old one crapped out. I can see having to do something similar with always-connected devices.]

Happy trails

[A10Mechanic]

Neat, an audit trail that follows you, forever.

Re:Happy trails

[icebike]

Neat, an audit trail that follows you, forever.

A wiretap that follows you around as well.

Re:Happy trails

[viperidaenz]

There already is one.
The phone already has a unique ID as well (that you aren't supposed to be able to change, and in some countries is illegal to do so because its used to black list stolen phones), called the IMEI number. The SIM card has an IMSI number.

Re:Would not be a problem at all

[master5o1]

Yeah, I don't know what all the functions of the SIM is, but I don't understand why it wouldn't need to just be the phone + something:

User inputs their cell number, a passphrase to authenticate with that identity on the network, and selects the network.
Network authorises that instance of the cell number on the network.

Probable downside is the same as a lot of user+pass systems instead of controlled hardware key: multiple logins, probably from attackers.

It also means no user SIM swapping

[Guy+Smiley]

This also means that users can no longer swap the SIM card to move a device between carriers (e.g. putting in a local SIM when traveling). I doubt that the carriers are going to make this easily changed by users, since it means less lock-in.

Re:It also means no user SIM swapping

[Nethemas+the+Great]

It also means that you have to go through your carrier to change your device. Regardless of where or how you obtain your device you will always have to go down to your local shop and have them push the config.

Re:It also means no user SIM swapping

[Neil+Boekend]

Here in Europe it will probably be illegal for the provider to fuss over it, delay with it or charge for it. It is already so for taking your number with you to a new provider.

Ah, the US. Land of the free (if you happen to be a company).

Internet of Things

[rogueippacket]

This buzzword annoys me even more than Cloud. Cloud has more or less become common vernacular for describing Internet-connected servers which you may or may not own, but the term Internet of Things seems to imply that a) there were no "things" on the Internet before now and b) the "old Internet" simply isn't hip enough to run more devices, and you should be clambering all over a vendor to be a part of it. Ugh.

Re:Internet of Things

[vux984]

cloud was inevitable; every network diagram I've ever seen always represented the internet as a "cloud".

I've always thought it was perfectly approrpriate too. Its a relatively opaque morphous network outside of your direct control, there's "stuff" in it, you can connect to but you don't really know what or where it is.

And cloud storage and cloud compute etc is literally moving those servers on those diagrams INTO the cloud. :)

So cloud doesn't bug me as a term at all. As a trend it offends me greatly, since in many cases it is STUPID to move your stuff into the cloud, and companies are doing it because its trendy and hip and has a low upfront cost. But that's a separate issue.

Internet of Things? Meh... I think you are reading too much into it. The internet is traditionally clients and servers that were recognizable as computers. The internet of things is just referencing the recent mass push to put a lot of things on the internet that aren't really recognizable as computers... from your cofeemaker to your thermostat.

I've never really gotten a sense that it was "new" or "hip" or that it even required a "vendor".

Re:Internet of Things

[sir-gold]

There were no "things" on the internet until recently, there were only computers.

Re:Internet of Things

[Em+Adespoton]

There were no "things" on the internet until recently, there were only computers.

Ah; so the difference is that we've stopped calling them computers and are now calling them things?

I used to be able to dispense items from a vending machine over the internet back in, hmm... around 1995. Sure, the controller was a microcomputer hooked up to a PIC controller via the COM port, but that vending machine was still on the internet. I think there was an earlier one where someone created a terminal interface for a vending machine so that it was directly hooked up to the mainframe.

Oh, and remember network printers? I've been able to print to a postscript printer over the internet since 1991.

I'm sure I could go on if I thought about it enough....

Re:Internet of Things

[unixisc]

There are a lot of things that I can imagine that wouldn't be described as computers, but could be on the internet. Home security systems. Garage door openers. TVs (okay, that one is arguable). Washing machines, driers, ovens... any number of things that, w/ an embedded kit, could be remotely addressable and controlled from outside. Like you're on the road when your spouse calls you, telling you that s/he is stuck outside. Or you've left home, but remember after 10 minutes that you forgot to turn off the oven. Or your kid accidentally sets off the home alarm. All these things could be remotely controlled by you w/o necessarily needing to drive 20 miles back home.

Only thing - they do need to completely embrace IPv6 and retire IPv4, b4 they get onto this internet of things.

Re:Internet of Things

[0123456]

Yes, I totally want my oven and doors controllable over the Internet.

Totally.

Absolutely.

It makes so much sense.

I mean, what could possibly go wrong?

Re:Internet of Things

[Em+Adespoton]

Yeah; what us old timers are scratching our heads about is this:

All the things you've suggested have been on the internet for years. There have even been ethernet RS232 adapters the size of your little finger for around 10 years (yes, they used a hacked IPv4 TCP stack).

About the only thing that's changed is miniaturization and wireless connectivity; now instead of your coffee maker being wired through a com port adapter to an ethernet cable that then connects to a central computer that controls its functions (and can be controlled itself via remote shell or web interface), you have the entire computer embedded inside the coffee maker with WiFi access, so all it needs is an access point and an electrical outlet.

Re:Internet of Things

[cascadingstylesheet]

Yep. It's meaningless. Computers are and always have been things; it's as stupid as saying "the phone network of phones" or "the bookstore of books".

Re:Internet of Things

[unixisc]

One can always restrict it to within a VPN

Security Nightmare

[The+Raven]

I can see the utility, but this seems like a security issue. Isn't one of the purposes of the SIM to provide a physical identity chip? Why does it need to be programmable? Shouldn't you just say 'this SIM now has access to this network'?

I probably just don't understand the function of a SIM card well enough to get the significance of this. Can someone clarify? I am not 5, FYI, and I can understand multi-syllabic words.

Cloning a phone just got easier...

[neorush]

How long before the market for phone serials are is just as big as credit card data. I would imagine this technology be jail broken in hours and then the bad guys can easily change phone numbers. Imagining being able to change phones in-between calls, or how about randomly using a stolen one...that said, I do feel moving this to software is a good idea. As long as I can switch carriers as easy as the carriers can switch it.

Re:Would not be a problem at all

a SIM contains a cryptographic signature and some other things.

It's basically a watered down TPM that has a unique ID, a few kilobytes of storage, and a cryptographic key set.
A physical device like that makes it difficult to replicate the functionality of the SIM card, making it harder to make one device use the credentials and system identity of another device. (EG, it makes it harder for an attacker to steal your network identity and make lots of 1-900 number calls, which will then show up on YOUR bill, amongst other things-- like framing you in a murder by making all his calls with your number, etc.)

Making this an easily reprogrammed internal chip makes that physical level of security go away.

That's a bad thing.

Sometimes being inconvenienced is really in your best interest.

Re:Would not be a problem at all

[viperidaenz]

... then you need to manage the passphrase. Then all someone needs to do is find your password and they can answer your phone calls, receive your text messages - like two-factor text codes

A sim card is more secure than passphrase, since no one gets told the private key stored inside it and its never transmitted anywhere, except when its initially programmed by the telco.

What could possibly go wrong?

[CokoBWare]

I view this as bad for a number of reasons:

1. Normally, when you have service, it's attached to the SIM, not the phone. With this new embedded SIM model, this goes away. Your service is attached to the phone. Bad.
2. Remotely programmable means that it will be even easier for hackers to fuck with your phone. Bad.
3. Your phone is really no longer your phone. The carrier will have ultimate jurisdiction over the phone, unless you pull the battery. Bad.
4. If I lose or seriously damage my phone, my SIM is gone, and I HAVE to buy a new phone and activate it again. Bad.

I won't want a phone like this if this is how the carriers want to do business. I'll keep my removable SIM card thank you very much.

Re:What could possibly go wrong?

[mlts]

You hit the nail on the head. With CDMA providers, unless you buy the device from them, AFAIK, they won't allow it on the network. With GSM providers, if you had an unlocked device with the proper antenna bands, it would work without issue, and just swapping the SIM did the job. No calling up and pleading for permission to use the device, just a card swap and perhaps a power cycle.

A simless device gets us back to the bad old days. With those, I have to beg/plead with the telco in order to have a device allowed on their network, and they can easily just give me the middle finger.

Thumbs down on simless devices.

Re:What could possibly go wrong?

[TechyImmigrant]

Yup. I will never be a customer for a phone that doesn't let me use the SIM of my own choosing.

Re:What could possibly go wrong?

[wonkey_monkey]

1. Normally, when you have service, it's attached to the SIM, not the phone. With this new embedded SIM model, this goes away. Your service is attached to the phone. Bad.

It's not even for phones - maybe some day, but not yet.

Re:What could possibly go wrong?

[Tanuki64]

And what will you do? The majority of people are only brain dead and arrogant meat, which calls people like you tin foil lunatics, and buys those phones if it thinks it can save a fraction of a cent. Given enough buyers, piece by piece SIM card phones will vanish. Even if you stockpile a few phones, what if the carriers won't support them anymore? Stop using cell phones at all?

Re:What could possibly go wrong?

[Neil+Boekend]

Wow, it is still legal to block non-provider-branded phones on a network in the USA? Don't you have a free market?

Re:What could possibly go wrong?

[TechyImmigrant]

Fraction of a cent? I travel. Using local SIMs saves me far more than the full price cost of the phones.

European law requires the SIMs as a condition of using the GSM, 3G and LTE spectrum, or at least it did the last time I checked. So unless the US invades Europe, I don't think they are going away.

Who, exactly, gets to send over the air updates?

[Animats]

To fix this issue, the GSMA has developed a non-removable SIM that can be embedded in a device for the duration of its life, and remotely assigned to a network. This information can be subsequently modified over-the-air, as many times as necessary.

What this seems to do is take control away from the user, who could swap SIM cards, and give it to some carrier. This looks like something where you beg and plead with your old carrier to let you switch your device to a new carrier. There's a lot of elaborate key management in this system, and compromise of certain keys could break the whole system.

Spec for the system architecture.

Or: more network lock-in like CableCard did in US

CableCard was supposed to allow "better interoperability of set top boxes" in the US, but it ended up going almost nowhere because the cablecos could effectively advertise its features while stonewalling its implementation in favor of their own proprietary STBs.

Given the history of carriers to cooperate and interoperate on a device level, I think the result will be similar for this. Consumers need to have control and in my mind that means a thing you can access as a consumer; be it a hardware card you swap or an interface on the device. This solution buts things squarely back in the hands of the carriers.

Re:Also, would never work for European market.

[TechyImmigrant]

I live in the USA and I'm in the UK right now, using a local SIM. If you don't offer than capability, you've shrunk your market to only the people who don't travel (hint:not the ones who tend to buy the fanciest phones).

Hardware write locks?

[mrex]

I'd be OK with this, under one condition - a hardware-based write protection lock that is absolutely 100% not able to be bypassed or circumvented in software.

I'll never understand why this incredibly basic feature that is so easy to design, cheap to implement, and valuable to device security went the way of floppy disks. How awesome would a thumb drive with a hardware write lock be?

Re:Hardware write locks?

[Bill+Hayden]

How awesome would a thumb drive with a hardware write lock be?

These exist. I use one regularly to load malware-cleaning software onto infected machines, without risking getting the thumb drive itself infected.

Re:Hardware write locks?

[mspohr]

Your hardware lock would negate the advantage of the embedded SIM design. The reason for embedded SIM is that you can remotely change the carrier, phone#, etc. without having to physically access the device. This is intended for use in devices such as cars, machinery, etc. It is not intended for use in your phone (most people here seem to have missed that little detail). If you have to physically access the device to flip a hardware lock, you might as well just use a regular SIM.

Re:Hardware write locks?

[wonkey_monkey]

It is not intended for use in your phone (most people here seem to have missed that little detail)

How can you expect us to fulfil our need to become apoplectic with nerdrage if you want us to notice things like "details"?

Re:Hardware write locks?

[mspohr]

I agree. The discussion would have been much shorter and a lot more intelligent if people hadn't felt the need to rage about "prying my SIM from my cold dead hand".

Re:Hardware write locks?

[mrex]

Can you link me to one? I still use an old SD card and reader for exactly this reason.

I think my larger point stands anyway, though. Why aren't write locks absolutely bare bones standard on any writable device?

Re:Hardware write locks?

[mrex]

Fair point. I can envisage scenarios where modifying the SIM remotely would be helpful. Then again, I can envisage scenarios where it could be a very, very bad thing. My main point was user empowerment - if I can choose between two models of a device, one with a hardware lock, one without... I'll be happy with that.

Not like cellular device security is anything but an oxymoron anyway...

Re:Hardware write locks?

[mspohr]

It's not for your phone. You can keep your SIM.

Re:Hardware write locks?

[schlachter]

How awesome would a thumb drive with a hardware write lock be?

They exist. Check Amazon.
SD cards have the same.

They make great secure boot drives.

Re:Hardware write locks?

[Anti-Social+Network]

I've seen a few of these around, they were fairly expensive for the storage volume last I looked. Instead, I've taken to using a portable TrueCrypt executable and mounting a pre-loaded volume in read-only mode so that, at least, my tools aren't arbitrarily deleted (you'd be surprised how often this happens to useful utilities particularly with Norton and Mcafee protections installed...). Not perfect for e.g. preventing auto-run viruses from spreading across sneakernet 2.0, but better than restoring from backup constantly

Re:Hardware write locks?

[Bill+Hayden]

They are a bit pricey and hard to find. Here's one I found on Amazon:

http://www.amazon.com/gp/product/B008OGNM8E/ref=as_li_qf_sp_asin_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=B008OGNM8E&linkCode=as2&tag=wbh-20

Re:Hardware write locks?

[wonkey_monkey]

The discussion would have been much shorter and a lot more intelligent if people hadn't felt the need to rage

You might as well make that your sig. Well, maybe not you, based on your current one. Someone though.

Re:Hardware write locks?

[petermgreen]

SD cards have the same.

Note: the lock tab on a SD card doesn't actually do anything inside the card, it merely activates a contact on the socket.

Whether that contact is used to implement a hardware write lock, a software write lock or no write lock at all is entirely dependent on the designer of the system you plug the SD card into.

Re:Hardware write locks?

[mrex]

Ooooh. USB 3 and everything. Much thanks!

Re:Hardware write locks?

[mrex]

Don't even get me started on how much I hate SIMs... almost as much as CableCard. I don't like being locked out of hardware that I paid for.

Re:Hardware write locks?

[mspohr]

I don't really understanding what you are saying.
Most phones will operate without a SIM (wifi and bluetooth connectivity).
If you want access to the cell network, you need a SIM... any SIM will do... preferably pick one from a company that doesn't screw you to badly (in the US, T-mobile or one of the many resellers tend to have the best deal).
Of course, if you bought a SIM-locked phone, you are screwed... Why did you buy a SIM-locked phone?

Re:Hardware write locks?

[mrex]

I don't really understanding what you are saying.

What I'm saying is that a SIM card is a computer designed to operate in a way that I find philosophically repugnant and deleterious to individual rights. As a computer, it both stores and processes data, but is specifically designed to exist as a black box that locks out the owner and frustrate attempts for the owner to exert control over how or what data is processed on their device. Thus, it violates the principles of open computing in a fundamental, and very dangerous, way. The technology is specifically anti-consumer, anti-citizen, and anti-property-owner. SIM cards are not there for your benefit, and do not serve your interests. They are designed and built specifically to disempower you, their owner and operator.

I don't like, and do my best to avoid using, technology like that. You should, too! Normalizing this kind of technology ultimately causes real harm to real people. Industry and government have a deep and abiding desire to make us all into passive consumers rather than empowered and active users of computers and networks. Technologies like SIM, CableCard, proprietary firmware, etc. are one of the main tools they leverage to accomplish this.

I believe that computer owners should be free and empowered to leverage their property in any way they see fit. Technology should work for, not against, its owner.

Re:Who, exactly, gets to send over the air updates

[wonkey_monkey]

What this seems to do is take control away from the user, who could swap SIM cards, and give it to some carrier.

When you say "seems to," do you really mean "could possibly some day"?

This looks like something where you beg and plead with your old carrier to let you switch your device to a new carrier.

That sounds more like something you're inferring than something being implied by the article.

There's nothing in the article to suggest it's going to make it's way into consumer devices just yet. It might one day, but not yet.

The GSMA has published the technical description of a SIM card designed specifically for Machine-to-Machine (M2M) communication

Despite the convenience of over-the-air management, the GSMA says the embedded design is not meant to replace conventional SIM cards

Flimsy cover story

[FuzzNugget]

Preventing the need to open up devices to swap a SIM could be easily resolved by using a simple spring-loaded insert/eject slot for SIM cards (the same way most SD card slots work). That this is because of the "Internet of Things" is a cover story, and a weak one. What's more of a hassle? Spending 30 seconds to swap SIM cards or spending 30 minutes on hold before mentally parsing the unintelligible engrish of a slave-wage phone drone?

This is a solution to a problem that doesn't exist. The only "problem" this solves is enabling the carriers to revert to the abusive and restrictive CDMA model.

Re:Flimsy cover story

[wonkey_monkey]

Preventing the need to open up devices to swap a SIM could be easily resolved by using a simple spring-loaded insert/eject slot for SIM cards

That would still need physical access to the device, which is the problem this proposal is actually trying do away with. It might also (speculation on my part here, but doesn't seem unreasonable) run the risk of causing more problems when users brick their phones or SIMs by popping the SIM without turning off the phone.

This is a solution to a problem that doesn't exist to me.

FTFY. There are plenty of use cases where this would be an incredibly useful facility. Just because none of them personally impact on you doesn't mean this is automatically a nefarious conspiracy to (some day, in the future, possibly, but not now) rob you of control over your phone.

Re:Flimsy cover story

[Lumpy]

I pop out the sim all the time with the phone on. you can not "brick" a phone by doing this.

Re:Flimsy cover story

[petermgreen]

Even with the "internet of things" I wonder how well this will work, if you make migration dependent on asking the "losing" carrier then that losing carrier has every motivation to make that process as slow and difficult as possible. If you allow the "gaining" carrier to grab the device you run the risk of devices being migrated without the owners permission by dodgy carriers.

Re:Flimsy cover story

[wonkey_monkey]

if you make migration dependent on asking the "losing" carrier...

That's an entirely speculative "if." If, on the other hand, it can be done entirely by an owner in possession of a private key, then no problem, and nothing to get het up about.

Get SIM definition from new carrier. Encrypt and upload to device via old carrier. Done.

Machine to Machine

The main idea is to lower deployment costs for M2M applications.

I operate a GPS tracking business and somthing like this would save a lot of bux.

As it is right now I need to send a guy to the location where the tracker is and have them swap out the SIM.

So this...

[0m3gaMan]

apparently solves a nagging prroblem? Isn't that like saying: "No more swapping car keys"?

Something wrong with headline

[Pop69]

"Embedded SIM Design Means No Longer Able To Swap Cards"

There, that reads better

Re:Who, exactly, gets to send over the air updates

[sir-gold]

If it's more profitable for the carriers to sell embedded-sim phones, then that is exactly what they will do, regardless of the intent of the specification or the wishes of it's designers.

ESN

[omnichad]

So...GSM now has an ESN? All this talk about the "Internet of Things" is really just saying that the devices are getting the equivalent of a MAC Address and can be remotely provisioned. And phones will still have SIM cards.

Guess there's nothing wrong with that, but I thought there was a big reason for GSM's push to have SIM cards in the first place.

Re:Multiple phones and SIMs

[omnichad]

And international travel.

The Internet of Things isn't a thing

[Gothmolly]

It's marketing, like "the cloud". It's such a gross oversimplification that it's meaningless.

No thanks.

[Lumpy]

Because I have 100% control with a removable SIM. I don't need yet another thing held hostage by the telephone carrier.

Re:No thanks.

[wonkey_monkey]

I don't see anything in the article to suggest this would be for the carrier, and not the owner, to control.

Another point of failure....

[Khyber]

"The design could speed up embedded applications."

And it can introduce problems, such as making an expensive piece of electronics useless when the non-replaceable SIM fails or does not update properly.

Re:Another point of failure....

[wonkey_monkey]

Glass half empty much?

Re:Another point of failure....

[Khyber]

Product design experience for over half a decade, prototype development for over a decade and a half.

But why?

[TuringCheck]

SIMs that can be fully reprogrammed by OTA already exist. All SIMs support changing the identity (IMSI) and a few also support changing authentication data (Ki, Op, algorithm). Most likely this is just a method to take away one of subscriber's freedoms - to become somebody else's subscriber.

Re:But why?

[wonkey_monkey]

Most likely this is just a method to take away one of subscriber's freedoms - to become somebody else's subscriber.

Why do you assume that?

Re:Who, exactly, gets to send over the air updates

[sloanesky]

I don't think this is meant for cell phones, as the spec says: "This document addresses: The Machine-to-Machine use cases as described in GSMA ‘Embedded SIM Task Force Requirements and Use Cases’ Version 1.0 [1]. This solution is not intended to apply to traditional consumer telecommunication devices as they are not concerned with the problem statement above."

Re:Would not be a problem at all

[xvan]

You were always able to physically program a SIM card...
You were always able to emulate a sim card, making it 'easily reprogrammed'.

What you didn't have was the availability of cryptographic keys making those options useful.

Compare cloning sim cards with changing IMEI's on today devices, or bypassing boot loader signatures. They all implemented on hardware and really difficult to beat, I don't see why you having your SIM card cloned to extract your sim card credentials, rather than having your "embedded device" hacked, to extract it's sim card credentials.

At the end of day if your device is completely hacked, it could be used to clone your physical SIM card.

Internet of remotely re-programmable things UGH?!?

[knorthern+knight]

> RTFA. They're not talking about phones; they're talking about assorted
> Internet-of-Things devices--how your toaster and your microwave talk to your Roomba.

[...deletia...]

> Of course, if someone hacks the network and reprograms your meter,
> that's bad. But don't we have the same risk now?

NO. Right now my toaster and microwave do not talk to, or take orders from other devices, let alone the guy in the car parked out in front of my home, or terrorists on the other side of the planet. This is downright stupid, and treasonous in how it makes us vulnerable to terrorists. All you need is a really hot summer day, with everybody's air-conditioners going full blast, and the electrical utilities pushed to their limits. Now imagine a botnet of things (toasters/microwaves/ovens/whatever) suddenly ramping up a in a couple of million households in a large city. The local system overloads and we have a local blackout. Properly co-ordinate 3 or 4 large cities simultaneously, and you've got a major regional blackout, possibly cascading to a national scale. Who dreamt up this "advance"? Some Al-Quaeda mole?

Re:Who, exactly, gets to send over the air updates

[Animats]

What this seems to do is take control away from the user, who could swap SIM cards, and give it to some carrier.

When you say "seems to," do you really mean "could possibly some day"?

No, I mean that's what the documentation seems to say. The user can't swap SIM cards when there is no removable SIM card. It has to be done remotely. From the documentation, it seems that the carrier has the keys to do that, but the user does not. Some devices start out in "provisioning mode", from which point (I think) the first carrier to talk to the device downloads a profiile and has control of the device until they release it. Or the device might come pre-locked to a carrier. Whether the user can force the device back to provisioning mode seems to be under the control of the profile downloaded by the carrier.

it's a lot like the way domain transfer works between registrars, with the "domain locked" status being under the control of the "losing registrar". That's led to disputes.

Who tells whom what to do? - V. Lenin

Here's the real reason why this is Excellent

[Snuggles]

Imagine you have deployed 100k devices on the field. Or just 1k. Then, the operator that you're using starts charging more or their service level drops. Remember, the M2M lifecycles may be long compared to the cellphones. Like 10-15 years.

What do you do ? Currently, you'd have to get new SIM cards and go to each and every device to change the devices. This is because the SIM cards are controlled by the operator who issued the card.

How much does it cost to send someone somewhere to change the SIM card ? Multiply this with 100k.

From one case, I know that sending a serviceman to 6k sites around the continent to perform a simple operation (open-flash-close) costs around 600kUSD.

Re:Here's the real reason why this is Excellent

[Neil+Boekend]

Imagine, if you will, a three by seven inch wooden frame -- a frame that's a gateway to a world of imagination. Wipe your mind on the welcome mat. You're about to enter The Scary Door.

Re:Who, exactly, gets to send over the air updates

[wonkey_monkey]

No, I mean that's what the documentation seems to say.

Where can that be found? The closest thing I've found amounts to little more than a speculative brochure.

Yeah!

[garry_g]

Finally, the curse of Verizon is coming to GSM!

Wait....

[PortHaven]

So you're telling me that I should be excited the GSM is now doing what Verizon and CDMA phones did for nearly 15 years now?

Re:Who, exactly, gets to send over the air updates

[Animats]

See above. But here's the link again: GSM Association Official Document 12FAST.13 - Embedded SIM Remote Provisioning Architecture.