Hubbry Logo
SIM cardSIM cardMain
Open search
SIM card
Community hub
SIM card
logo
8 pages, 0 posts
0 subscribers
Be the first to start a discussion here.
Be the first to start a discussion here.
Contribute something
SIM card
SIM card
SIM card
View on Wikipedia
from Wikipedia
A typical SIM card (mini-SIM with micro-SIM cutout)

A SIM card or SIM (subscriber identity module) is an integrated circuit (IC) in the range of a 25 MHz 32 bit CPU, and 256 KB of NVM [1]. SIMs are intended to securely store an international mobile subscriber identity (IMSI) number and its related key, which are used to identify and authenticate subscribers on mobile telephone devices (such as mobile phones, tablets, and laptops). SIMs are also able run apps and to store arbitrary information like address book contact information,[2] and may be protected using a PIN code to prevent unauthorized use.

These SIM cards are always used on GSM phones; for CDMA phones, they are needed only for LTE-capable handsets. SIM cards are also used in various satellite phones, smart watches, computers, or cameras.[3] The first SIM cards were the size of credit and bank cards; sizes were reduced several times over the years, usually keeping electrical contacts the same, to fit smaller-sized devices.[4] SIMs are transferable between different mobile devices by removing the card itself.

Technically, the actual physical card is known as a universal integrated circuit card (UICC); this smart card is usually made of PVC with embedded contacts and semiconductors, with the SIM as its primary component. In practice the term "SIM card" is still used to refer to the entire unit and not simply the IC. A SIM contains a unique serial number, integrated circuit card identification (ICCID), international mobile subscriber identity (IMSI) number, security authentication and ciphering information, temporary information related to the local network, a list of the services the user has access to, and four passwords: a personal identification number (PIN) for ordinary use, and a personal unblocking key (PUK) for PIN unlocking as well as a second pair (called PIN2 and PUK2 respectively) which are used for managing fixed dialing number and some other functionality.[5][6] In Europe, the serial SIM number (SSN) is also sometimes accompanied by an international article number (IAN) or a European article number (EAN) required when registering online for the subscription of a prepaid card.

A TracFone Wireless SIM card has no distinctive carrier markings and is only marked as a "SIM card".

As of 2020, eSIM is superseding physical SIM cards in some domains, including cellular telephony. eSIM uses a software-based SIM embedded into an irremovable eUICC.

History and procurement

[edit]

The SIM card is a type of smart card,[3] the basis for which is the silicon integrated circuit (IC) chip.[7] The idea of incorporating a silicon IC chip onto a plastic card originates from the late 1960s.[7] Smart cards have since used MOS integrated circuit chips, along with MOS memory technologies such as flash memory and EEPROM (electrically EPROM).[8]

The SIM was initially specified by the ETSI in the specification TS 11.11. This describes the physical and logical behaviour of the SIM. With the development of UMTS, the specification work was partially transferred to 3GPP. 3GPP is now responsible for the further development of applications like SIM (TS 51.011[9]) and USIM (TS 31.102[10]) and ETSI for the further development of the physical card UICC.

The first SIM card was manufactured in 1991 by Munich smart-card maker Giesecke+Devrient, who sold the first 300 SIM cards to the Finnish wireless network operator Radiolinja,[11][12] who launched the world's first commercial 2G GSM cell network that year.[13]

Today, SIM cards are considered ubiquitous, allowing over 8 billion devices to connect to cellular networks around the world daily. According to the International Card Manufacturers Association (ICMA), there were 5.4 billion SIM cards manufactured globally in 2016 creating over $6.5 billion in revenue for traditional SIM card vendors.[14] The rise of cellular IoT and 5G networks was predicted by Ericsson to drive the growth of the addressable market for SIM cards to over 20 billion devices by 2020.[15] The introduction of embedded-SIM (eSIM) and remote SIM provisioning (RSP) from the GSMA[16] may disrupt the traditional SIM card ecosystem with the entrance of new players specializing in "digital" SIM card provisioning and other value-added services for mobile network operators.[8]

Design

[edit]
SIM chip structure and packaging

There are three operating voltages for SIM cards: 5 V, 3 V and 1.8 V (ISO/IEC 7816-3 classes A, B and C, respectively). The operating voltage of the majority of SIM cards launched before 1998 was 5 V. SIM cards produced subsequently are compatible with 3 V and 5 V. Modern cards support 5 V, 3 V and 1.8 V.[8]

4-by-4-millimetre (0.16 in × 0.16 in) silicon chip in a SIM card which has been peeled open. Note the thin gold bonding wires, and the regular, rectangular digital memory areas.

Modern SIM cards allow applications to load when the SIM is in use by the subscriber. These applications communicate with the handset or a server using SIM Application Toolkit, which was initially specified by 3GPP in TS 11.14. (There is an identical ETSI specification with different numbering.) ETSI and 3GPP maintain the SIM specifications. The main specifications are: ETSI TS 102 223 (the toolkit for smart cards), ETSI TS 102 241 (API), ETSI TS 102 588 (application invocation), and ETSI TS 131 111 (toolkit for more SIM-likes). SIM toolkit applications were initially written in native code using proprietary APIs. To provide interoperability of the applications, ETSI chose Java Card.[17] A multi-company collaboration called GlobalPlatform defines some extensions on the cards, with additional APIs and features like more cryptographic security and RFID contactless use added.[18]

Data

[edit]

SIM cards store network-specific information used to authenticate and identify subscribers on the network. The most important of these are the ICCID, IMSI, authentication key (Ki), local area identity (LAI) and operator-specific emergency number. The SIM also stores other carrier-specific data such as the SMSC (Short Message service center) number, service provider name (SPN), service dialing numbers (SDN), advice-of-charge parameters and value-added service (VAS) applications. (Refer to GSM 11.11.[19])

SIM cards can come in various data capacities, from 8 KB to at least 256 KB.[12] All can store a maximum of 250 contacts on the SIM, but while the 32 KB has room for 33 Mobile country code (MCCs) or network identifiers, the 64 KB version has room for 80 MNCs.[2] This is used by network operators to store data on preferred networks, mostly used when the SIM is not in its home network but is roaming. The network operator that issued the SIM card can use this to have a phone connect to a preferred network that is more economic for the provider instead of having to pay the network operator that the phone discovered first. This does not mean that a phone containing this SIM card can connect to a maximum of only 33 or 80 networks, instead it means that the SIM card issuer can specify only up to that number of preferred networks. If a SIM is outside these preferred networks, it uses the first or best available network.[15]

ICCID

[edit]

Each SIM is internationally identified by its integrated circuit card identifier (ICCID). Nowadays ICCID numbers are also used to identify eSIM profiles, not only physical SIM cards. ICCIDs are stored in the SIM cards and are also engraved or printed on the SIM card body during a process called personalisation.

The ICCID is defined by the ITU-T recommendation E.118 as the primary account number.[20] Its layout is based on ISO/IEC 7812. According to E.118, the number can be up to 19 digits long, including a single check digit calculated using the Luhn algorithm. However, the GSM Phase 1[21] defined the ICCID length as an opaque data field, 10 octets (20 digits) in length, whose structure is specific to a mobile network operator.

The number is composed of three subparts:

  • Issuer identification number (IIN)
  • Check digit
  • Individual account identification

Their format is as follows.

Issuer identification number (IIN)

[edit]
  • Maximum of seven digits:
    • Major industry identifier (MII), 2 fixed digits, 89 for telecommunication purposes.
    • Country code, 2 or 3 digits, as defined by ITU-T recommendation E.164.
      • NANP countries, apart from Canada, use 01, i.e. prepending a zero to their common calling code +1
      • Canada uses 302
      • Russia uses 701, i.e. appending 01 to its calling code +7
      • Kazakhstan uses 997, even though it shares the calling code +7 with Russia
    • Issuer identifier, 1–4 digits.
    • Often identical to the Mobile country code (MCC).[22]

Individual account identification

[edit]

Check digit

[edit]
  • Single digit calculated from the other digits using the Luhn algorithm.

With the GSM Phase 1 specification using 10 octets into which ICCID is stored as packed BCD[clarification needed], the data field has room for 20 digits with hexadecimal digit "F" being used as filler when necessary. In practice, this means that on GSM cards there are 20-digit (19+1) and 19-digit (18+1) ICCIDs in use, depending upon the issuer. However, a single issuer always uses the same size for its ICCIDs.

As required by E.118, the ITU-T updates a list of all current internationally assigned IIN codes in its Operational Bulletins which are published twice a month (the last as of January 2019 was No. 1163 from 1 January 2019).[23] ITU-T also publishes complete lists: as of August 2023, the list issued on 1 December 2018 was current, having all issuer identifier numbers before 1 December 2018.[24]

International mobile subscriber identity (IMSI)

[edit]

SIM cards are identified on their individual operator networks by a unique international mobile subscriber identity (IMSI). Mobile network operators connect mobile phone calls and communicate with their market SIM cards using their IMSIs. The format is:

  • The first three digits represent the Mobile country code (MCC).
  • The next two or three digits represent the Mobile network code (MNC). Three-digit MNC codes are allowed by E.212 but are mainly used in the United States and Canada. One MCC can have both 2 digit and 3 digit MNCs, an example is 350 007.
  • The next digits represent the Mobile identification number (MSIN).
  • Normally there are 10 digits, but can be fewer in the case of a 3-digit MNC or if national regulations indicate that the total length of the IMSI should be less than 15 digits.
  • Digits are different from country to country.

Authentication key (Ki)

[edit]

The Ki is a 128-bit value used in authenticating the SIMs on a GSM mobile network (for USIM network, the Ki is still needed but other parameters are also needed). Each SIM holds a unique Ki assigned to it by the operator during the personalisation process. The Ki is also stored in a database (termed authentication center or AuC) on the carrier's network.

The SIM card is designed to prevent someone from getting the Ki by using the smart-card interface. Instead, the SIM card provides a function, Run GSM Algorithm, that the phone uses to pass data to the SIM card to be signed with the Ki. This, by design, makes using the SIM card mandatory unless the Ki can be extracted from the SIM card, or the carrier is willing to reveal the Ki. In practice, the GSM cryptographic algorithm for computing a signed response (SRES_1/SRES_2: see steps 3 and 4, below) from the Ki has certain vulnerabilities[2] that can allow the extraction of the Ki from a SIM card and the making of a duplicate SIM card.

Authentication process:

  1. When the mobile equipment starts up, it obtains the international mobile subscriber identity (IMSI) from the SIM card, and passes this to the mobile operator, requesting access and authentication. The mobile equipment may have to pass a PIN to the SIM card before the SIM card reveals this information.
  2. The operator network searches its database for the incoming IMSI and its associated Ki.
  3. The operator network then generates a random number (RAND, which is a nonce) and signs it with the Ki associated with the IMSI (and stored on the SIM card), computing another number, that is split into the Signed Response 1 (SRES_1, 32 bits) and the encryption key Kc (64 bits).
  4. The operator network then sends the RAND to the mobile equipment, which passes it to the SIM card. The SIM card signs it with its Ki, producing Signed Response 2 (SRES_2) and Kc, which it gives to the mobile equipment. The mobile equipment passes SRES_2 on to the operator network.
  5. The operator network then compares its computed SRES_1 with the computed SRES_2 that the mobile equipment returned. If the two numbers match, the SIM is authenticated and the mobile equipment is granted access to the operator's network. Kc is used to encrypt all further communications between the mobile equipment and the operator.

Location area identity

[edit]

The SIM stores network state information, which is received from the location area identity (LAI). Operator networks are divided into location areas, each having a unique LAI number. When the device changes locations, it stores the new LAI to the SIM and sends it back to the operator network with its new location. If the device is power cycled, it takes data off the SIM, and searches for the prior LAI.

SMS messages and contacts

[edit]

Most SIM cards store a number of SMS messages and phone book contacts. It stores the contacts in simple "name and number" pairs. Entries that contain multiple phone numbers and additional phone numbers are usually not stored on the SIM card. When a user tries to copy such entries to a SIM, the handset's software breaks them into multiple entries, discarding information that is not a phone number. The number of contacts and messages stored depends on the SIM; early models stored as few as five messages and 20 contacts, while modern SIM cards can usually store over 250 contacts.[25]

Formats

[edit]

SIM cards have been made smaller over the years; functionality is independent of format. Full-size SIM was followed by mini-SIM, micro-SIM, and nano-SIM. SIM cards are also made to embed in devices.

From left, full-size SIM (1FF), mini-SIM (2FF), micro-SIM (3FF), and nano-SIM (4FF)
SIM card formats and dimensions
SIM card format Introduced Standard reference Length Width Thickness
Full-size (1FF) 1991 ISO/IEC 7810:2003, ID-1 85.6 mm (3.37 in) 53.98 mm (2.125 in) 0.76 mm (0.030 in)
Mini-SIM (2FF) 1996 ISO/IEC 7810:2003, ID-000 25 mm (0.98 in) 15 mm (0.59 in) 0.76 mm (0.030 in)
Micro-SIM (3FF) 2003 ETSI TS 102 221 V9.0.0, Mini-UICC 15 mm (0.59 in) 12 mm (0.47 in) 0.76 mm (0.030 in)
Nano-SIM (4FF) early 2012 ETSI TS 102 221 V11.0.0 12.3 mm (0.48 in) 8.8 mm (0.35 in) 0.67 mm (0.026 in)
Embedded-SIM
(eSIM) 		2016 ETSI TS 102.671 V9.0.0

JEDEC Design Guide 4.8, SON-8
GSMA SGP.22 V1.0

6 mm (0.23622 in) 5 mm (0.19685 in) ?

All versions of the non-embedded SIM cards share the same ISO/IEC 7816 pin arrangement.

Mini-SIM

[edit]
The memory chip from a micro-SIM card without the plastic backing plate, next to a US dime, which is approx. 18 mm in diameter
X-ray image of a mini-SIM, showing the chip and connections

The mini-SIM or (2FF , 2nd form factor) card has the same contact arrangement as the full-size SIM card and is normally supplied within a full-size card carrier, attached by a number of linking pieces. This arrangement (defined in ISO/IEC 7810 as ID-1/000) lets such a card be used in a device that requires a full-size card – or in a device that requires a mini-SIM card, after breaking the linking pieces. As the full-size SIM is obsolete, some suppliers refer to the mini-SIM as a "standard SIM" or "regular SIM".

Micro-SIM

[edit]

The micro-SIM (or 3FF) card has the same thickness and contact arrangements, but reduced length and width as shown in the table above.[26]

The micro-SIM was introduced by the European Telecommunications Standards Institute (ETSI) along with SCP, 3GPP (UTRAN/GERAN), 3GPP2 (CDMA2000), ARIB, GSM Association (GSMA SCaG and GSMNA), GlobalPlatform, Liberty Alliance, and the Open Mobile Alliance (OMA) for the purpose of fitting into devices too small for a mini-SIM card.[22][27]

The form factor was mentioned in the December 1998 3GPP SMG9 UMTS Working Party, which is the standards-setting body for GSM SIM cards,[25] and the form factor was agreed upon in late 2003.[28]

The micro-SIM was designed for backward compatibility. The major issue for backward compatibility was the contact area of the chip. Retaining the same contact area makes the micro-SIM compatible with the prior, larger SIM readers through the use of plastic cutout surrounds. The SIM was also designed to run at the same speed (5 MHz) as the prior version. The same size and positions of pins resulted in numerous "How-to" tutorials and YouTube videos with detailed instructions how to cut a mini-SIM card to micro-SIM size.

The chairman of EP SCP, Klaus Vedder, said[28]

ETSI has responded to a market need from ETSI customers, but additionally there is a strong desire not to invalidate, overnight, the existing interface, nor reduce the performance of the cards.

Micro-SIM cards were introduced by various mobile service providers for the launch of the original iPad, and later for smartphones, from April 2010. The iPhone 4 was the first smartphone to use a micro-SIM card in June 2010, followed by many others.[29]

Nano-SIM

[edit]

After a debate in early 2012 between a few designs created by Apple, Nokia and RIM, Apple's design for an even smaller SIM card was accepted by the ETSI.[30][31] The nano-SIM (or 4FF) card was introduced in June 2012, when mobile service providers in various countries first supplied it for phones that supported the format. The nano-SIM measures 12.3 mm × 8.8 mm × 0.67 mm (0.484 in × 0.346 in × 0.026 in) and reduces the previous format to the contact area while maintaining the existing contact arrangements.[32] A small rim of isolating material is left around the contact area to avoid short circuits with the socket. The nano-SIM can be put into adapters for use with devices designed for 2FF or 3FF SIMs, and is made thinner for that purpose,[33] and telephone companies give due warning about this.[34] 4FF is 0.67 mm (0.026 in) thick, compared to the 0.76 mm (0.030 in) of its predecessors.

The iPhone 5, released in September 2012, was the first device to use a nano-SIM card,[35] followed by other handsets.

Security

[edit]

In July 2013, Karsten Nohl, a security researcher from SRLabs, described[36][37] vulnerabilities in some SIM cards that supported DES, which, despite its age, is still used by some operators.[37] The attack could lead to the phone being remotely cloned or let someone steal payment credentials from the SIM.[37] Further details of the research were provided at BlackHat on 31 July 2013.[37][38] In response, the International Telecommunication Union said that the development was "hugely significant" and that it would be contacting its members.[39]

In February 2015, The Intercept reported that the NSA and GCHQ had stolen the encryption keys (Ki's) used by Gemalto (now known as Thales DIS, manufacturer of 2 billion SIM cards annually) [40]), enabling these intelligence agencies to monitor voice and data communications without the knowledge or approval of cellular network providers or judicial oversight.[41] Having finished its investigation, Gemalto claimed that it has “reasonable grounds” to believe that the NSA and GCHQ carried out an operation to hack its network in 2010 and 2011, but says the number of possibly stolen keys would not have been massive.[42]

In September 2019, Cathal Mc Daid, a security researcher from Adaptive Mobile Security, described[43][44] how vulnerabilities in some SIM cards that contained the S@T Browser library were being actively exploited. This vulnerability was named Simjacker. Attackers were using the vulnerability to track the location of thousands of mobile phone users in several countries.[45] Further details of the research were provided at VirusBulletin on 3 October 2019.[46][47]

Developments

[edit]

When GSM was already in use, the specifications were further developed and enhanced with functionality such as SMS and GPRS. These development steps are referred as releases by ETSI. Within these development cycles, the SIM specification was enhanced as well: new voltage classes, formats and files were introduced.

USIM

[edit]

In GSM-only times, the SIM consisted of the hardware and the software. With the advent of UMTS, this naming was split: the SIM was now an application and hence only software. The hardware part was called UICC. This split was necessary because UMTS introduced a new application, the universal subscriber identity module (USIM). The USIM brought, among other things, security improvements like mutual authentication and longer encryption keys, and an improved address book.

UICC

[edit]
Main article: Universal integrated circuit card

"SIM cards" in developed countries today are usually UICCs containing at least a SIM application and a USIM application. This configuration is necessary because older GSM only handsets are solely compatible with the SIM application and some UMTS security enhancements rely on the USIM application.

Other variants

[edit]

On cdmaOne networks, the equivalent of the SIM card is the R-UIM and the equivalent of the SIM application is the CSIM.

A virtual SIM is a mobile phone number provided by a mobile network operator that does not require a SIM card to connect phone calls to a user's mobile phone.

Embedded SIM (eSIM)

[edit]
Main article: eSIM
Embedded SIM from M2M supplier Eseye with an adapter board for evaluation in a mini-SIM socket

An embedded SIM (eSIM) is a form of programmable SIM that is embedded directly into a device.[48] The surface mount format provides the same electrical interface as the full size, 2FF and 3FF SIM cards, but is soldered to a circuit board as part of the manufacturing process. In M2M applications where there is no requirement[16] to change the SIM card, this avoids the requirement for a connector, improving reliability and security.[citation needed] An eSIM can be provisioned remotely; end-users can add or remove operators without the need to physically swap a SIM from the device or use multiple eSIM profiles at the same time.[49][50]

The eSIM standard, initially introduced in 2016, has progressively supplanted traditional physical SIM cards across various sectors, notably in cellular telephony.[51][52] In September 2017, Apple introduced the Apple Watch Series 3 featuring eSIM.[53] In October 2018, Apple introduced the iPad Pro (3rd generation),[54] which was the first iPad to support eSIM. In September 2022, Apple introduced the iPhone 14 series which was the first eSIM exclusive iPhone in the United States.[55]

Integrated SIM (iSIM)

[edit]

An integrated SIM (iSIM) is a form of SIM directly integrated into the modem chip or main processor of the device itself. As a consequence they are smaller, cheaper and more reliable than eSIMs, they can improve security and ease the logistics and production of small devices i.e. for IoT applications. In 2021, Deutsche Telekom introduced the nuSIM, an "Integrated SIM for IoT".[56][57][58]

Usage in mobile phone standards

[edit]
SIM cards of various German mobile operators

The use of SIM cards is mandatory in GSM devices.[59][60]

The satellite phone networks Iridium, Thuraya and Inmarsat's BGAN also use SIM cards. Sometimes, these SIM cards work in regular GSM phones and also allow GSM customers to roam in satellite networks by using their own SIM cards in a satellite phone.

Japan's 2G PDC system (which was shut down in 2012; SoftBank Mobile shut down PDC from 31 March 2010) also specified a SIM, but this has never been implemented commercially. The specification of the interface between the Mobile Equipment and the SIM is given in the RCR STD-27 annexe 4. The Subscriber Identity Module Expert Group was a committee of specialists assembled by the European Telecommunications Standards Institute (ETSI) to draw up the specifications (GSM 11.11) for interfacing between smart cards and mobile telephones. In 1994, the name SIMEG was changed to SMG9.

Japan's current and next-generation cellular systems are based on W-CDMA (UMTS) and CDMA2000 and all use SIM cards. However, Japanese CDMA2000-based phones are locked to the R-UIM they are associated with and thus, the cards are not interchangeable with other Japanese CDMA2000 handsets (though they may be inserted into GSM/WCDMA handsets for roaming purposes outside Japan).

CDMA-based devices originally did not use a removable card, and the service for these phones is bound to a unique identifier contained in the handset itself. This is most prevalent in operators in the Americas. The first publication of the TIA-820 standard (also known as 3GPP2 C.S0023) in 2000 defined the Removable User Identity Module (R-UIM). Card-based CDMA devices are most prevalent in Asia.

The equivalent of a SIM in UMTS is called the universal integrated circuit card (UICC), which runs a USIM application. The UICC is still colloquially called a SIM card.[61]

SIM and carriers

[edit]

The SIM card introduced a new and significant business opportunity for MVNOs who lease capacity from one of the network operators rather than owning or operating a cellular telecoms network and only provide a SIM card to their customers. MVNOs first appeared in Denmark, Hong Kong, Finland and the UK. By 2011 they existed in over 50 countries, including most of Europe, the United States, Canada, Mexico, Australia and parts of Asia, and accounted for approximately 10% of all mobile phone subscribers around the world.[62]

On some networks, the mobile phone is locked to its carrier SIM card, meaning that the phone only works with SIM cards from the specific carrier. This is more common in markets where mobile phones are heavily subsidised by the carriers, and the business model depends on the customer staying with the service provider for a minimum term (typically 12, 18 or 24 months). SIM cards that are issued by providers with an associated contract, but where the carrier does not provide a mobile device (such as a mobile phone) are called SIM-only deals. Common examples are the GSM networks in the United States, Canada, Australia, and Poland. UK mobile networks ended SIM lock practices in December 2021. Many businesses offer the ability to remove the SIM lock from a phone, effectively making it possible to then use the phone on any network by inserting a different SIM card. Mostly, GSM and 3G mobile handsets can easily be unlocked and used on any suitable network with any SIM card.

In countries where the phones are not subsidised, e.g., India, Israel and Belgium, all phones are unlocked. Where the phone is not locked to its SIM card, the users can easily switch networks by simply replacing the SIM card of one network with that of another while using only one phone. This is typical, for example, among users who may want to optimise their carrier's traffic by different tariffs to different friends on different networks, or when travelling internationally.

In 2016, carriers started using the concept of automatic SIM reactivation[63] whereby they let users reuse expired SIM cards instead of purchasing new ones when they wish to re-subscribe to that operator. This is particularly useful in countries where prepaid calls dominate and where competition drives high churn rates, as users had to return to a carrier shop to purchase a new SIM each time they wanted to churn back to an operator.

SIM-only

[edit]

Commonly sold as a product by mobile telecommunications companies, "SIM-only" refers to a type of legally liability contract between a mobile network provider and a customer. The contract itself takes the form of a credit agreement and is subject to a credit check.

SIM-only contracts can be pre-pay - where the subscriber buys credit before use (often called pay as you go, abbreviated to PAYG), or post-pay, where the subscriber pays in arrears, typically monthly.

Within a SIM-only contract, the mobile network provider supplies their customer with just one piece of hardware, a SIM card, which includes an agreed amount of network usage in exchange for a monthly payment. Network usage within a SIM-only contract can be measured in minutes, text, data or any combination of these. The duration of a SIM-only contract varies depending on the deal selected by the customer, but in the UK they are typically available over 1, 3, 6, 12 or 24-month periods.

SIM-only contracts differ from mobile phone contracts in that they do not include any hardware other than a SIM card. In terms of network usage, SIM-only is typically more cost-effective than other contracts because the provider does not charge more to offset the cost of a mobile device over the contract period. The short contract length is one of the key features of SIM-only – made possible by the absence of a mobile device.

SIM-only is increasing in popularity very quickly.[64] In 2010 pay monthly based mobile phone subscriptions grew from 41 percent to 49 percent of all UK mobile phone subscriptions.[65] According to German research company GfK, 250,000 SIM-only mobile contracts were taken up in the UK during July 2012 alone, the highest figure since GfK began keeping records.

Increasing smartphone penetration combined with financial concerns is leading customers to save money by moving onto a SIM-only when their initial contract term is over.

Multiple-SIM devices

[edit]
Main article: Dual SIM
Dual SIM slots as shown on a Lenovo smartphone

Dual SIM devices have two SIM card slots for the use of two SIM cards, from one or multiple carriers. Multiple SIM devices are commonplace in developing markets such as in Africa, East Asia, South Asia and Southeast Asia, where variable billing rates, network coverage and speed make it desirable for consumers to use multiple SIMs from competing networks. Dual-SIM phones are also useful to separate one's personal phone number from a business phone number, without having to carry multiple devices. Some popular devices, such as the BlackBerry KeyOne, have dual-SIM variants; however, dual-SIM devices were not common in the US or Europe due to lack of demand. This has changed with mainline products from Apple and Google featuring either two SIM slots or a combination of a physical SIM slot and an eSIM.

In September 2018, Apple introduced iPhone XS, iPhone XS Max, and iPhone XR featuring Dual SIM (nano-SIM and eSIM) and Apple Watch Series 4 featuring Dual eSIM.

Thin SIM

[edit]
A GPP-branded SIM interposer used to circumvent network restrictions on carrier-locked iPhones

A thin SIM (or overlay SIM or SIM overlay) is a very thin device shaped like a SIM card, approximately 120 microns (1200 inch) thick. It has contacts on its front and back. It is used by placing it on top of a regular SIM card. It provides its own functionality while passing through the functionality of the SIM card underneath. It can be used to bypass the mobile operating network and run custom applications, particularly on non-programmable cell phones.[66]

Its top surface is a connector that connects to the phone in place of the normal SIM. Its bottom surface is a connector that connects to the SIM in place of the phone. With electronics, it can modify signals in either direction, thus presenting a modified SIM to the phone, and/or presenting a modified phone to the SIM. (It is a similar concept to the Game Genie, which connects between a game console and a game cartridge, creating a modified game). Similar devices have also been developed for iPhones to circumvent SIM card restrictions on carrier-locked models.[67]

In 2014, Equitel, an MVNO operated by Kenya's Equity Bank, announced its intention to begin issuing thin SIMs to customers, raising security concerns by competition, particularly concerning the safety of mobile money accounts. However, after months of security testing and legal hearings before the country's Parliamentary Committee on Energy, Information and Communications, the Communications Authority of Kenya (CAK) gave the bank the green light to roll out its thin SIM cards.[68]

See also

[edit]

References

[edit]
[edit]
Revisions and contributorsEdit on WikipediaRead on Wikipedia

SIM card

View on Grokipedia
from Grokipedia
The Subscriber Identity Module (SIM) is a smart , typically implemented as a removable card, that stores a mobile subscriber's unique identity—such as the (IMSI)—along with keys and personal data, enabling secure and authorization to access cellular networks. Developed initially for () networks, the SIM performs critical functions including network via challenge-response mechanisms using a secret key (Ki), key generation for air interface protection, and storage of subscriber-specific files like phonebook entries and short messages. First commercially manufactured in 1991 by for the Finnish operator Radiolinja, the SIM revolutionized by separating user identity from the , allowing portability of service across devices. Subsequent evolutions extended SIM functionality to Universal SIM (USIM) for and beyond, incorporating support for IP services and higher protocols, while form factors progressed from full-size (credit-card dimensions) to -, -, and nano-SIM to accommodate shrinking device designs. Embedded SIM () variants, integrated directly into devices without physical removal, further advanced deployment flexibility, particularly for IoT applications, by enabling remote provisioning of profiles. Despite its robustness, the SIM has faced challenges including vulnerabilities to and over-the-air attacks in early implementations, prompting ongoing enhancements in cryptographic standards and modules.

History

Invention and Early Development

The Subscriber Identity Module (SIM), a for storing mobile subscriber data and enabling secure network , was developed in the late 1980s as an integral part of the standard. The initiative began in 1982 when the Conference of European Posts and Telecommunications (CEPT) established the Groupe Spécial Mobile to create a unified pan-European digital cellular system, aiming to replace fragmented analog networks with a secure, interoperable digital alternative. By 1987, the project transitioned to the European Telecommunications Standards Institute (ETSI), which specified the SIM's role in phase 1 standards finalized in 1990, emphasizing its function in subscriber identification via the and cryptographic to prevent unauthorized access. German smart card manufacturer Giesecke+Devrient (G+D) led the practical development of the SIM under the direction of Dr. Klaus Vedder, leveraging existing smart card technology originally pioneered for payment systems in the 1970s. In 1989, G+D produced the first plug-in SIM prototype, a removable module designed to interface with early GSM handsets, marking a shift from fixed subscriber units in prior analog systems to portable, user-swappable authentication. This innovation addressed causal security needs in mobile networks, where separating user identity from the handset enabled roaming and reduced fraud risks inherent in non-removable identifiers. Commercial production commenced in 1991, with G+D delivering the initial batch of approximately 300 credit-card-sized SIMs (full-size form factor, measuring 85.6 mm × 53.98 mm) to Finland's Radiolinja operator, which launched the world's first network on July 1, 1991. These inaugural SIMs featured limited storage—typically supporting up to 20 phonebook entries and five short message service () messages—while primarily serving authentication via a 128-bit Ki key and A3/A8 algorithms for challenge-response verification. The deployment validated the SIM's efficacy in enabling secure, subscriber-centric mobile service, paving the way for 's rapid global expansion beyond .

Standardization and Global Adoption

The standardization of the Subscriber Identity Module (SIM) card originated within the Groupe Spécial Mobile () initiative, formed in 1982 by the Confédération Européenne des Postes et Télécommunications (CEPT) to develop a pan-European mobile standard, later managed by the European Telecommunications Standards Institute (ETSI) from 1989 onward. ETSI Technical Committee finalized core SIM specifications as part of GSM Phase 2 in 1990, defining the SIM as a removable for subscriber , encryption key storage, and network access in digital cellular systems operating at 900 MHz. These specifications, detailed in ETSI GSM 11.11, mandated a contact-based interface compliant with ISO/IEC 7816 standards for s, ensuring across networks. Initial global adoption accelerated with the launch of the first network by Radiolinja in on July 1, 1991, utilizing the inaugural commercial SIM cards produced by earlier that year. By 1993, had expanded to 12 European countries, with SIM cards enabling seamless international roaming through standardized (IMSI) and authentication processes. The Association, founded in 1995, promoted worldwide deployment, leading to over 200 million subscribers by 1999 and facilitating adoption in , , and the ; by 2000, accounted for approximately 70% of global mobile connections, supplanting analog systems like AMPS and TACS. SIM cards' tamper-resistant design and over-the-air provisioning capabilities were causal factors in this dominance, as they mitigated fraud prevalent in prior generations, with reported cloning incidents dropping significantly post-adoption. As mobile networks evolved, responsibility for SIM-related specifications shifted to the 3rd Generation Partnership Project (), established in 1998 to harmonize global standards beyond . Release 99 (2000) introduced the Universal Integrated Circuit Card (UICC) framework, extending SIM functionality to Universal Subscriber Identity Module (USIM) for networks while maintaining backward compatibility with SIMs. Subsequent releases refined SIM capabilities, including enhanced file structures in TS 31.102 and security protocols in TS 33.102, supporting higher data rates and multimedia services. Form factor standardization progressed under ETSI and auspices: the mini-SIM (2FF) became standard in 1996, followed by micro-SIM (3FF) in 2010 via ETSI TS 102 221, and nano-SIM (4FF) in 2012, reducing size by 40% to accommodate slimmer devices without altering electrical interfaces. This iterative standardization ensured sustained global interoperability, with over 8 billion active SIM-equipped connections by 2020, predominantly in 4G LTE ecosystems per specifications.

Procurement and Manufacturing Evolution

The manufacturing of Subscriber Identity Module (SIM) cards commenced in 1991, when (G+D) in , , produced the world's first commercial batch of 300 units for the Finnish operator Radiolinja, marking the transition from conceptual technology to mass production for networks. Early production involved embedding (IC) chips—typically with 4 KB of memory—into plastic carriers using lamination and contact pad assembly techniques derived from payment card manufacturing, with personalization of subscriber data occurring post-fabrication at operator facilities or vendor sites. Initial procurement by telecom operators relied on direct contracts with European specialists like G+D, focusing on compliance with ETSI standards for security and interoperability, as global rollout demanded scalable supply chains amid limited initial volumes. As mobile subscriptions surged from millions in the mid-1990s to billions by the , evolved toward higher volumes and cost efficiencies, with annual production reaching billions of units by specialized firms including Thales (1.96 billion smart cards in 2023, encompassing SIMs), , and G+D (1.53 billion). This scaling incorporated advanced processes for chips sourced from suppliers like , alongside automated personalization bureaus that encoded IMSI and authentication keys before distribution, reducing lead times for operators. processes formalized into models, where operators outsourced and bulk ordering to vendors, prioritizing standards like DES/3DES/AES and regional compliance, with emerging as a production hub by the due to lower labor costs and proximity to high-consumption markets accounting for 40% of global SIM demand. The introduction of form factor reductions—from full-size (1FF) in 1991 to (2FF, 1996), (3FF, 2010), and (4FF, 2012)—preserved core manufacturing steps like chip embedding but optimized material use and automated cutting for thinner profiles, enabling sleeker devices without altering fundamentals. By the , the global SIM market valued at $4.7 billion in 2022 reflected matured supply chains dominated by five top providers holding 52% share, though physical production faced pressures from embedded SIM () standardization in 2016, which integrates profiles directly into device chips during OEM assembly, bypassing separate card fabrication and slashing logistics for operators via remote provisioning (RSP). adoption has driven a gradual decline in physical SIM volumes, with lifecycle analyses showing 46% lower CO2 emissions (123 g vs. 229 g per unit) due to eliminated and shipping, prompting shifts toward digital profile and hybrid models. Emerging integrated SIM (iSIM) technology, embedding functionality into processors, further diminishes needs, projecting sustained market growth to $8.3 billion by 2032 amid IoT-driven demand despite physical form factor contraction.

Technical Design

Physical Form Factors

The Subscriber Identity Module (SIM) card has evolved through several physical form factors to accommodate shrinking device sizes while maintaining compatibility with ISO/IEC 7816 standards. The initial full-size SIM, designated as the first form factor (1FF), adheres to the ID-1 format with dimensions of 85.6 mm × 53.98 mm × 0.76 mm, matching the size of a , and was deployed in early networks starting in 1991. This larger format facilitated easier handling and integration into initial mobile handsets but became impractical as devices miniaturized. Subsequent miniaturization led to the mini-SIM, or second form factor (2FF), measuring 25 mm × 15 mm × 0.76 mm, introduced in 1996 to fit compact mobile phones. The ID-000 size under ISO/IEC 7810:2003 enabled broader adoption in second-generation handsets. Further reduction produced the micro-SIM (3FF) at 15 mm × 12 mm × 0.76 mm, popularized in 2010 with devices like the , balancing space constraints in smartphones with mechanical durability. The nano-SIM (4FF), the smallest removable form factor, spans 12.3 mm × 8.8 mm × 0.67 mm and was standardized in 2012 by ETSI and to support slimmer phone designs, representing a 40% size reduction from the micro-SIM. These dimensions are defined in ETSI TS 102 221, ensuring electrical contacts align across form factors for adapter-based compatibility. For non-removable applications, the embedded SIM ( or MFF2) integrates a much smaller chip, typically 5 mm × 6 mm, directly onto device motherboards, as specified for machine-to-machine communications. All form factors retain eight electrical contacts in the same relative positions per ISO/IEC 7816-2, with gold-plated surfaces for corrosion resistance and reliable connectivity. Thickness variations, particularly the thinner nano-SIM, address tray mechanisms in ultra-thin devices without compromising functionality. Manufacturers often produce multi-cut SIMs that can be trimmed from nano to larger sizes for versatility.

Hardware Components and Architecture

The hardware architecture of a SIM card revolves around an (IC) module embedded within a plastic substrate, designed for durability and electrical connectivity. The IC, typically a CMOS-based secure , comprises a (CPU), various components, and interface circuitry compliant with ISO/IEC 7816 standards for smart cards. The CPU, often an 8-bit processor operating at clock speeds of 5-25 MHz, executes for managing subscriber , , and protocols. Memory subsystems include (ROM) for immutable operating system code and boot routines, (RAM) for temporary processing (typically 1-8 KB), and electrically erasable programmable (EEPROM) or flash for persistent storage of files, keys, and applications (ranging from 16 KB in early GSM SIMs to 256 KB or more in contemporary UICCs). The EEPROM enables rewritable without power, essential for storing IMSI, keys, and short messages, while ROM ensures tamper-resistant execution of core functions. The IC module's packaging involves die attachment to a or flexible substrate, or flip-chip interconnects for internal signals, and encapsulation for protection against physical and environmental threats, with gold-plated contacts exposed on the surface. These contacts—eight in total—facilitate half-duplex : C1 and C5 for (1.8-5 V), C2 for reset, C3 for clock input, C7 for input/output data, and auxiliary pins like C4, C6, and C8 for optional features such as ground references or auxiliary I/O in advanced configurations. The design prioritizes low power consumption and resistance to attacks, with hardware-enforced isolation between processing and memory to safeguard sensitive operations. Dedicated hardware for security includes cryptographic coprocessors supporting algorithms like A3/A8 for GSM and AES-based mechanisms in later generations, alongside true random number generators for key derivation. Chips must meet reliability standards such as MIL-STD-883 for environmental stress screening, ensuring operation across temperature ranges of -40°C to +85°C and resistance to electrostatic discharge up to 2 kV. This architecture enables the SIM to function as an autonomous tamper-resistant token, interfacing solely via the defined electrical protocol without wireless elements in traditional removable cards.

Data and Functionality

Identification and Subscriber Data

The serves as the primary unique identifier for a mobile network subscriber on a SIM card, enabling the network to recognize and authenticate the user. It is stored in the SIM's elementary file (EFIMSI) under identifier '6F07' as a variable-length record, typically comprising up to 15 decimal digits encoded in a packed format. The IMSI structure consists of three components: the (MCC, 3 digits identifying the country), the Mobile Network Code (MNC, 2-3 digits specifying the operator within the country), and the Mobile Subscriber Identification Number (MSIN, the remaining digits uniquely identifying the subscriber within the network). This hierarchical format facilitates global routing and subscriber management across and subsequent networks. The Integrated Circuit Card Identifier (ICCID) provides a unique for the SIM card itself, distinguishing it from the subscriber's identity and used for card lifecycle management, such as issuance and tracking. It follows the ISO/IEC 7812 standard, consisting of 19 to 20 digits: a major industry identifier (89 for ), country code, issuer identifier, account identifier, and a for validation. Unlike the IMSI, which ties to the user profile and can change with number portability or multi-IMSI configurations, the ICCID remains fixed to the physical or embedded card throughout its operational life. Both identifiers are provisioned by the during SIM personalization and are readable by the device for initial network attachment. Additional subscriber-related data on the SIM may include the last used or preferred network codes (e.g., in EFLOCI for location information), but core identification relies on IMSI and ICCID to link the card to the subscriber's profile in the operator's Home Location Register (HLR) or equivalent database. These elements ensure privacy through temporary identifiers like the Temporary Mobile Subscriber Identity (TMSI), which the network assigns post-IMSI exchange to avoid broadcasting the full IMSI repeatedly. Subscriber adheres to and ETSI specifications, with IMSI access restricted to authenticated network queries to mitigate interception risks.

Authentication Keys and Processes

The authentication process for SIM cards in GSM networks employs a challenge-response mechanism using a shared 128-bit secret key known as Ki, provisioned securely in both the SIM card and the network's Center (AuC) during subscriber registration, and never transmitted over the air interface. The AuC generates a 128-bit random challenge (RAND) and computes a 32-bit signed response (SRES) via the A3 authentication algorithm, which takes RAND and Ki as inputs; it also derives a 64-bit ciphering key (Kc) using the A8 key generation algorithm. The RAND is forwarded to the (MS), where the SIM computes its own SRES' using the identical A3(RAND, Ki) and returns it to the network for verification against the AuC's precomputed SRES; a match grants access, enabling unilateral of the MS by the network, while Kc initializes A5 for subsequent communications. A common proprietary implementation of A3/A8 is COMP128 (or variants like COMP128-1), which processes the 128-bit RAND concatenated with Ki to produce a 128-bit output, from which the first 32 bits form SRES and the subsequent 54 bits (with 10 bits discarded or used for parity) yield Kc; however, cryptanalytic attacks since 1998 have demonstrated that COMP128-1 allows extraction of Ki from as few as two authentication challenges, compromising long-term secrecy in affected networks. These vulnerabilities stem from COMP128's one-way hash compression reducing effective key entropy, prompting some operators to adopt strengthened variants like COMP128-2 or -3, which resist full Ki recovery but may still leak partial information. In networks, the SIM evolves into a USIM implementing the Authentication and Key Agreement (AKA) protocol per 3GPP TS 33.102, replacing GSM's unilateral scheme with using a 128-bit long-term secret key K shared between the USIM and Home Environment (HE). The HE generates RAND and an authentication token (AUTN) incorporating a (MAC) computed via the f1 integrity (using K, RAND, and number SQN); the Serving Network sends both to the USIM, which verifies AUTN's MAC and freshness via f1 to authenticate the network, then computes a response (RES) using the f2 and derives 128-bit ciphering key (CK) and integrity key (IK) via f3, f4, and f5 algorithms, forwarding RES for network verification against expected XRES. This process ensures bidirectional trust and session key freshness, with keys confined to the USIM and network endpoints, mitigating eavesdropping risks inherent in GSM's weaker design. Subsequent generations like LTE extend AKA into EPS-AKA, retaining core principles but incorporating elliptic curve-based enhancements for key derivation in (5G-AKA), where the root key K is used with f* operator-specific algorithms to generate longer keys resistant to quantum threats, though backward compatibility preserves Ki/K usage in legacy SIMs. Key storage in SIMs employs tamper-resistant hardware, with involving encrypted delivery from manufacturers to operators, ensuring Ki or K integrity against physical extraction attempts.

Stored User Data and Applications

SIM cards maintain user data in a structured of elementary files (EFs), separate from core subscriber identification and elements. The primary phone book storage occurs in the EF_ADN (identifier 6F3A), which records abbreviated dialing numbers comprising alpha identifiers for names and associated dialed numbers in BCD format, with optional capability for multiple numbers per entry through linkages to files like EF_EXT1 for extensions or EF_ANR for additional numbers. This file resides under the DF_PHONEBOOK (5F3A) or DF_TELECOM, enabling device-independent contact portability, though modern devices often prioritize internal storage for expanded fields like images or groups. Capacity depends on SIM memory allocation and implementation, typically accommodating 100 to 250 entries, limited by record size (up to 250 bytes per entry including extensions). Short Message Service (SMS) storage utilizes the EF_SMS (identifier 6F3C) under DF_TELECOM, preserving incoming messages as binary Protocol Data Units (PDUs) with timestamps and status flags, independent of deletion. Each record spans 176 bytes (including 140-byte payload plus headers), supporting 10 to 30 messages based on card capacity, with overflow or deletion handled via linear fixed record structure. Related files like EF_SMSP (6F42) store service parameters such as validity periods and protocol identifiers, while EF_SMSR (6F47) logs delivery status reports. Additional user-configurable data includes fixed dialing numbers in EF_FDN to enforce whitelists for and service dialing numbers in EF_SDN for operator-provided shortcuts. Beyond static data, SIM cards execute applications via embedded microprocessors, primarily through the SIM Application Toolkit (SAT) for GSM-era cards and its evolution, the USIM Application Toolkit (USAT), integrated into the USIM application on UICC platforms. SAT/USAT employs a command-response protocol where the SIM issues proactive commands (e.g., DISPLAY TEXT, GET INKEY) to the mobile equipment in response to network events, user actions, or timers, enabling dynamic services without full device software updates. USAT extends this with envelope commands for data download, multimedia presentation, and IP connectivity via files like EF_IPS (6FF1) for server addresses and EF_IPD (6FF2) for bearer data. Operators deploy these for proprietary menus, such as account balance checks or configuration prompts, activated via the USIM Service Table (EF_UST, 6F38) which flags supported capabilities. Advanced USIM variants support further applets under dedicated directories like DF_MexE for executable environments or DF_V2X for policies, though execution remains constrained by the SIM's limited processing power (typically 8-32 KB RAM).

Security Features

Core Protocols and Encryption

The core security protocol for SIM cards in GSM networks is the Authentication and Key Agreement (AKA) procedure, a challenge-response mechanism that verifies the subscriber's identity using a pre-shared secret key (Ki, 128 bits) stored securely on the SIM and in the network's Center (AuC). The network generates a 128-bit random challenge (RAND) and sends it to the , which forwards it to the SIM; the SIM then applies the A3 authentication to RAND and Ki, producing a 32-bit signed response (SRES) returned to the network for comparison against its own computation. Concurrently, the SIM executes the A8 on the same inputs to derive a 64-bit key (Kc), enabling subsequent air-interface encryption without transmitting sensitive data over the link. In practice, A3 and A8 are often implemented as a single on early SIMs, processing 128-bit inputs to output SRES and the truncated Kc, though this has been criticized for potential weaknesses in key derivation due to hash collisions exploitable in lab settings. The derived Kc feeds into stream ciphers like (a 64-bit key-based linear feedback shift register design) or weaker variants (A5/2, export-restricted), applied between the mobile equipment and to encrypt voice and signaling data, with the base station using its own A8 computation for symmetric decryption. This protocol ensures unidirectional network of the SIM, lacking mutual verification in basic GSM, which exposes it to false base station risks, though it provides for session keys. Evolutionary standards in () extend this via UMTS AKA in TS 33.102, where the SIM (as part of UICC) uses operator-configurable algorithms like MILENAGE (AES-based) or TUAK (for diversity) to generate longer 128-bit (CK) and (IK) keys from RAND and a sequence number (SQN) for replay protection, supporting stronger encryption like UEA1 (Kasumi-based) and integrity via UIA1. These keys enable end-to-end confidentiality and data over the radio bearer, with the SIM verifying network authenticity via AUTN (authentication token including SQN, MAC, and AK) to mitigate impersonation. For LTE/, EPS-AKA and 5G-AKA build on this, incorporating home network control and elliptic curve-based enhancements, but retain SIM computation of root keys for . The SIM-ME interface employs T=0 or T=1 protocols per ISO/IEC 7816-3 for secure APDU exchanges during these computations, ensuring commands like RUN GSM are executed tamper-resistantly. Over-the-air (OTA) management of SIM data uses 03.48 (now TS 101 181) for securing SIM Toolkit commands via symmetric (e.g., 3DES with derived keys) and integrity protection (MACs), allowing remote provisioning without physical access while binding packets to prevent replay or modification. These mechanisms prioritize hardware-enforced secrecy of Ki and algorithms, with SIMs certified to EAL4+ or higher under , though proprietary implementations vary in resistance to side-channel attacks like differential power analysis.

Authentication and Integrity Mechanisms

The SIM card facilitates subscriber to the through challenge-response protocols that leverage a pre-shared secret key, Ki, stored securely within the card's tamper-resistant hardware. This key, a 128-bit value generated during SIM provisioning and unknown to the subscriber, is paired with cryptographic algorithms to compute authentication responses and session keys. The process ensures that only legitimate subscribers with valid SIMs can access network services, while deriving keys for subsequent confidentiality protection. Additionally, the SIM provides local access control via a Personal Identification Number (PIN), required to unlock the card upon insertion or reset. Incorrect PIN entries (typically limited to three attempts) require the Personal Unblocking Key (PUK) for reset. Exceeding the PUK attempt threshold (usually ten) results in permanent locking: the chip's firmware detects the exceeded attempts, sets an irreversible flag or state in non-volatile memory (e.g., EEPROM or flash), and the program logic permanently refuses further PIN or PUK verification or unlocking, necessitating SIM replacement. Users can disable the SIM card PIN requirement on their mobile devices to avoid entering the PIN each time the device is powered on or the SIM is inserted. This configuration is performed through the device's settings and improves convenience but reduces the SIM card's local access control security. On Android devices, the steps typically involve the following:
  1. Open Settings.
  2. Go to “Security & privacy” (or “Security”).
  3. Select “More security & privacy” (or a similar option).
  4. Tap “SIM lock” (or “Configure SIM card lock”).
  5. Disable the “Lock SIM card” switch.
  6. Enter the current SIM PIN to confirm.
On some devices (for example, Samsung), the path may be Settings → Connections → SIM card manager → SIM card security → disable Lock SIM card. After disabling, the PIN is no longer requested upon device reboot. Users must know the current PIN, as three incorrect attempts will lock the SIM card, requiring the PUK code from the mobile network operator to unlock it. It is recommended to enable a device screen lock (such as PIN, pattern, password, or biometric) to protect data and mitigate the security risk introduced by disabling the SIM PIN. In the original standard, authentication operates via the AKA procedure, where the network's Register (VLR) retrieves an authentication triplet (RAND, SRES, Kc) from the Home Register (HLR) or AuC. The 128-bit RAND is sent to the SIM, which applies the algorithm to produce a 32-bit signed response SRES and the A8 algorithm to derive the 64-bit ciphering key Kc. The network compares the SIM-returned SRES against its stored value; a match enables ciphering with the A5 but provides only unidirectional , lacking network-to-subscriber verification or signaling checks. Evolving to with the USIM application on the Universal Integrated Circuit Card (UICC), the UMTS AKA protocol introduces and mechanisms. The network issues an authentication vector including a 128-bit RAND, a 128-bit expected response XRES, cipher/ keys CK/IK, and an authentication token AUTN comprising a sequence number SQN, authentication management field AMF, and MAC. The USIM verifies AUTN using the operator-specific key OPc (derived from a 128-bit or 256-bit OP) and functions f1* through f5* (standardized as MILENAGE in TS 35.205), ensuring freshness via SQN synchronization and rejecting replays or false base stations. Successful verification yields a 128-bit response RES (for network comparison), alongside CK for and IK for protection of signaling messages via the UIA family. Subsequent advancements in LTE (EPS-AKA) and (5G-AKA) retain the SIM/USIM's core role in key derivation, incorporating enhanced null-encryption options and home network control over integrity algorithms like NEA0/1/2/3 for and NIA0/1/2/3 for NAS-layer , mitigating man-in-the-middle risks through stronger key separation and optional SUCI encryption for IMSI . mechanisms specifically employ IK or derived keys to compute message authentication codes on RRC and NAS messages, detecting tampering during transmission, with the SIM's computations occurring offline to preserve key secrecy. These protocols, defined in Release 8 onward, address GSM's vulnerabilities by enforcing bidirectional verification and replay protection, though implementation flaws in proprietary algorithms like COMP128 have historically enabled cloning attacks.

Security Vulnerabilities and Attacks

Physical and Cloning Exploits

Physical exploits against SIM cards typically require direct access to the card, enabling attackers to interface with the embedded microcontroller using specialized readers or oscilloscopes. These attacks often target the card's hardware to extract sensitive such as the (IMSI) and the individual subscriber authentication key (Ki), which are essential for network authentication. Without physical protections like secure elements or tamper-resistant packaging, attackers can repeatedly query the card offline, bypassing network-imposed rate limits. A prominent example involves side-channel attacks on the COMP128-1 algorithm used in early GSM SIM cards for A3/A8 authentication functions. In 1998, researchers demonstrated that COMP128-1's design flaw—a "narrow pipe" vulnerability—allows recovery of the 128-bit Ki after approximately 150,000 offline challenge-response queries, as the algorithm's internal state leaks information through truncated outputs. This enables full cloning by programming the extracted IMSI and Ki onto a programmable SIM card, allowing duplicate authentication to the network. Commercial cloning kits exploiting this have been available online for legacy cards. Advanced physical attacks extend to 3G and 4G SIMs (USIMs) using techniques like differential power analysis (DPA) or electromagnetic analysis with an connected to the card's contacts during operations. A 2015 demonstration showed that even with stronger algorithms like Milenage, insufficient countermeasures against physical probes allow key extraction in hours using consumer-grade equipment, highlighting the need for hardware-level protections such as active shielding or epoxy potting. These exploits underscore that cryptographic strength alone is inadequate without robust , as attackers with card possession can perform unlimited trials. Cloning remains feasible for older or poorly implemented SIMs, but modern cards mitigate risks through updated algorithms (e.g., COMP128-3, Milenage) and hardware enhancements like secure memory partitioning. However, physical access still poses a in scenarios involving device theft or compromises, where attackers can decapsulate chips for invasive . Operators have responded by phasing out vulnerable cards, though billions of legacy SIMs persist globally.

SIM Swapping and Operator Compromises

SIM swapping, also known as SIM hijacking, involves fraudsters exploiting weaknesses in mobile network operators' customer verification processes to transfer a victim's phone number to a SIM card under the attacker's control. Attackers typically gather through data breaches, phishing, or public sources to impersonate the victim during contact with carrier support, requesting a number port to a new SIM; in some cases, they bribe or collude with carrier employees to bypass checks. This deactivates the victim's legitimate SIM, redirecting calls and SMS—including two-factor authentication codes—to the attacker, enabling unauthorized access to linked financial, email, or cryptocurrency accounts. Prevalence has surged due to lax operator safeguards, with the FBI investigating 1,075 SIM swap incidents in 2023 resulting in approximately $50 million in losses. In the UK, reported cases increased 1,055% in 2024, from 289 to nearly 3,000 incidents. High-profile examples include the , 2019, hijacking of CEO Jack Dorsey's account by the "Chuckling Squad" hacking group, who used a SIM swap to post inflammatory content before regaining control. In January 2018, investor Michael Terpin lost $24 million in after an SIM swap facilitated by an insider; he sued the carrier for $224 million, with the Ninth Circuit Court of Appeals reviving key claims under the Federal Communications Act in September 2024. Such attacks have also enabled multimillion-dollar thefts, including a November 2022 SIM swap leading to over $400 million stolen, resulting in charges against three individuals in 2025. Operator compromises extend beyond social engineering to include direct breaches of telecom infrastructure, enabling bulk unauthorized SIM activations or data manipulation. In April 2025, South Korea's suffered a breach exposing customer data, potentially aiding SIM-related by revealing verification details. SIM farms—networks of activated SIMs used for or —represent another vulnerability; U.S. Secret Service operations in September 2025 disrupted such setups in involving over 100,000 SIM cards across multiple sites, linked to foreign actors evading detection for or mass attacks. Insider threats compound these risks, as seen in SIM swapping cases where carrier employees facilitated ports for bribes, highlighting systemic failures in access controls and monitoring. SIMbox fraud, involving hidden banks of SIMs to reroute international calls and bypass billing, further erodes operator security by enabling unmonitored interception of communications.

Remote and Protocol-Based Attacks

Remote and protocol-based attacks on SIM cards exploit vulnerabilities in the over-the-air (OTA) communication channels and protocols, such as delivery or signaling exchanges, without requiring physical possession of the card. These attacks leverage flaws in the SIM's , toolkit applications, or cryptographic implementations to execute unauthorized commands, extract sensitive data like location information, or compromise keys remotely. Unlike physical exploits, they rely on network-accessible interfaces, often targeting legacy or protocols where is absent or weakly enforced, allowing adversaries to impersonate legitimate network elements or inject malicious payloads via standard messaging. A prominent example is the Simjacker vulnerability, disclosed in September 2019 by AdaptiveMobile Security (now part of Enea), which affects SIM cards equipped with the S@T SIM Toolkit browser or similar applications supporting interactive commands. Attackers send a specially crafted binary —undetectable as such by the user—that instructs the SIM to query its current cell ID and transmit it back to the attacker's server, enabling precise tracking with an accuracy of 10-100 meters in urban areas. This exploit was actively used by a surveillance firm operating in at least 29 countries, potentially impacting up to 1 billion devices with vulnerable SIMs from various manufacturers, as the flaw stems from unpatched firmware lacking input validation on toolkit commands. The attack succeeds silently because the SIM executes the payload independently of the handset OS, bypassing device-level ; variants have included commands for device info retrieval or further payload delivery. Earlier protocol weaknesses, such as those identified in 2013 by Security Research Lab, exposed certain SIM cards to remote reprogramming via OTA channels using the Data Download via SMS-Point-to-Point mechanism under 03.48. These SIMs employed a flawed (PRNG) for session keys in the COMP128 algorithm, generating predictable keys that allowed decryption of OTA messages with minimal computational effort—approximately 95% success rate against affected cards from a specific manufacturer supplying over 500 million units. Attackers could then inject or extract the secret Ki key, enabling full SIM cloning. While carriers mitigated this through OTA patches where possible, many legacy SIMs remain unupdatable due to hardware constraints, highlighting persistent risks in deployed . In contrast, modern remote SIM provisioning protocols like GSMA's RSP for eUICCs have undergone showing resilience against similar network adversaries when implemented correctly, though they inherit risks if endpoint SIM crypto is compromised.

Evolutionary Variants

USIM and UICC Advancements

The Universal Subscriber Identity Module (USIM) was standardized in Release 99, finalized in 2000, as an application on the Universal Integrated Circuit Card (UICC) to support networks, offering enhanced security over the SIM through and 128-bit cipher and integrity keys derived via the f8 and f9 s, respectively, compared to the SIM's one-way and 64-bit A5 . The USIM's file structure, defined in 3GPP TS 31.102, includes dedicated files for UMTS-specific parameters like the Home Environment IMSI and authentication vectors, enabling support for higher data rates and integrity-protected signaling absent in SIMs. This shift addressed 's vulnerabilities, such as COMP128's predictable Ki derivation, by introducing stronger key generation compliant with 's MILENAGE . The UICC, specified in 3GPP TS 31.101 for physical and logical terminal interfaces, evolved from the UMTS IC card concept in ETSI standards to a multi-application platform by Release 5 (2002), supporting not only USIM but also ISIM for IMS services and CSIM for CDMA compatibility, with a shared under the Master File (MF) and Application Dedicated Files (ADF). Advancements through Release 8 (2008-2009) included extensions for LTE, adding E-UTRAN parameters to USIM elementary files and increasing voltage options to 1.8V/3V/5V for broader device compatibility, while TS 31.101 updates raised maximum clock frequencies to 5 MHz and supported half-duplex transmission modes for efficiency. By Release 17 (2022), UICC specifications incorporated Card 3.0.5 APIs for secure applet execution, enabling dynamic service provisioning via over-the-air (OTA) updates through BIP (Bearer Independent Protocol) and CAT-TP, with enhanced error handling and power management for low-power IoT integration. Security-focused advancements in USIM/UICC include the adoption of (ECC) options in Release 9 (2010) for key agreement, reducing computational load versus RSA, and integrity checks on USIM applets to prevent tampering, as mandated in TS 31.111 for test procedures. These developments maintained —USIM cards emulate SIM behavior via the 2G ADF—while scaling storage to gigabytes in modern UICCs, supporting encrypted user data files up to 256 KB per elementary file and multi-profile configurations for global roaming. Empirical testing in conformance suites confirms USIM's resilience to replay attacks through sequence counters and fresh RAND challenges, though implementations must adhere strictly to specs to avoid operator-specific flaws observed in early deployments.

Embedded SIM (eSIM)

The embedded SIM (), also known as , integrates the functionality of a traditional (UICC) directly into a device's hardware as a non-removable chip, enabling remote provisioning and management of subscriber profiles without physical card insertion. Defined by specifications, eSIM allows devices to download and switch operator profiles over-the-air, supporting multiple profiles stored simultaneously for seamless transitions between carriers. This evolution addresses limitations of removable SIMs by embedding secure elements compliant with standards like SGP.22 for applications, which detail protocols for profile installation, , and deletion via entities such as the Subscription Manager Data Preparation (SM-DP+) server. GSMA initiated eSIM standardization in the early 2010s to prevent market fragmentation, with initial specifications emerging around 2016; the first commercial deployments occurred in machine-to-machine (M2M) markets in 2012, followed by consumer devices such as the Series 3 in 2017 and smartphones like the Google Pixel 2 and in 2017-2018. For IoT, dedicated specs like SGP.32 (version 1.2, June 2024) provide tailored technical requirements for remote management in low-power, high-volume deployments. eSIM maintains equivalent security to physical SIMs through embedded secure elements that handle and , but relies on operator infrastructure for profile delivery, which has driven development including certification programs for . Key advantages include space efficiency for compact devices like wearables and IoT sensors, simplified for carrier switching without hardware swaps—particularly for global roaming, where it eliminates the need for physical SIM card exchanges and enables quick switching to local or international profiles—and enhanced dual-SIM capabilities by storing multiple profiles. However, eSIM adoption requires compatible device hardware and carrier support for provisioning platforms, with challenges such as profile transfer difficulties between devices and potential if operators restrict profile switching. By 2025, eSIM shipments in smartphones and IoT devices exceed hundreds of millions annually, with projections estimating 75% of smartphones eSIM-enabled by 2030, accelerating due to regulatory pushes for and integration.

Integrated SIM (iSIM) and IoT Variants

The Integrated SIM (iSIM), also known as the integrated (iUICC), embeds SIM functionality directly into a device's system-on-chip (SoC), typically as a secure enclave housing the SIM operating system and (MNO) profile. This architecture eliminates the need for discrete SIM hardware, allowing the device to authenticate with cellular networks using integrated processing resources for and profile management. Standardization efforts by the , building on embedded (eUICC) foundations, advanced through a proof-of-concept phase following the ieUICC initiative launched in 2015, with full specifications enabling remote provisioning similar to but without separate chip soldering. In contrast to eSIMs, which require a dedicated reprogrammable chip mounted on the (PCB), iSIMs fuse connectivity logic into the primary processor, reducing bill-of-materials costs by up to 20-30% in low-complexity designs and minimizing PCB real estate by avoiding additional components. Power efficiency improves due to shared resources, with iSIMs drawing less standby current—critical for battery-constrained applications—while maintaining compatibility with 3GPP-defined authentication protocols like those in Release 17 for IoT. Security enhancements include tamper-resistant integration, as the SIM enclave leverages the SoC's hardware root of trust, reducing attack surfaces compared to exposed eSIM chips vulnerable to physical extraction. However, iSIM deployment demands early-stage SoC customization, limiting flexibility for aftermarket profile switches without updates. For IoT variants, iSIM optimizes resource-limited devices such as sensors, asset trackers, and wearables, where form factors under 1 mm² and power budgets below 1 mW are essential. Advantages include simplified , as manufacturers avoid SIM inventory and pre-provisioning, enabling just-in-time MNO profile downloads during activation. In 2025, adoption accelerated with partnerships like Quectel, , and IoT demonstrating iSIM in production modules supporting multi-network and RedCap standards, projecting deployment in over 10% of new (LPWAN) devices by 2026. These variants prioritize durability in harsh environments, with integrated error correction and over-the-air updates, though challenges persist in interoperability testing across SoC vendors and regulatory certification for global markets. GSMA reports indicate iSIM's edge in for deployments exceeding 1 million units, driven by reduced failure rates from fewer solder joints.

Usage in Networks and Devices

Integration with Cellular Standards

The Subscriber Identity Module (SIM) was initially integrated into the standard, defined by the European Telecommunications Standards Institute (ETSI) in the early 1990s, where it served as a removable storing the and performing challenge-response authentication using the A3 and A8 algorithms to generate session keys for air-interface encryption and integrity. This integration enabled network operators to authenticate users and provision services without embedding credentials in the mobile (ME), with the SIM-ME interface specified via ISO/IEC 7816-compliant Application Protocol Data Units (APDUs). With the transition to Universal Mobile Telecommunications System (UMTS) under 3GPP Release 99 in 2000, the SIM evolved into the Universal SIM (USIM) application hosted on the Universal Integrated Circuit Card (UICC) platform, enhancing authentication through the Authentication and Key Agreement (AKA) protocol with stronger cryptographic primitives like the MILENAGE algorithm family for mutual authentication, integrity protection, and key derivation compliant with 3GPP TS 33.102. The UICC maintained backward compatibility with GSM SIM via multi-application support, allowing dual-mode devices to fallback to 2G while leveraging USIM for 3G-specific features such as higher-bandwidth packet data and IMSI privacy via temporary identifiers. In Long-Term Evolution (LTE) networks under Releases 8-10 (circa 2008-2011), the USIM on UICC remained the core integration point, supporting evolved packet system (EPS) AKA for Evolved Packet Core (EPC) attachment, with extensions for via the IP Multimedia Services Identity Module (ISIM) application on the same card to handle SIP-based services and VoLTE. Physical and logical interfaces were standardized in TS 31.101 and TS 31.102, ensuring interoperability across multi-mode devices capable of handover between , , and radio access technologies (RATs). For New Radio (NR) in Release 15 onward (2018+), integration persists via the 5G AKA protocol on USIM/UICC, incorporating enhanced key separation for network slicing and while retaining the long-term secret key (K) for primary authentication against the home network's Unified Data Management (UDM), with optional secondary authentication for non- access. This ensures seamless RAT interoperability, as mandated in TS 33.501, though legacy SIMs may limit access to basic features without USIM-compliant updates. The UICC's role extends to provisioning via (RSP) under SGP.22 standards, facilitating over-the-air profile management across generations without physical card swaps.

Multi-SIM Devices and Carrier Practices

Multi-SIM devices, also known as multi-universal subscriber identity module (MUSIM) user equipment, enable the simultaneous management of multiple subscriber identity modules within a single device, allowing users to maintain connections to different networks or services. These capabilities are standardized by bodies such as 3GPP and GSMA, with support extending to LTE and 5G NR networks to handle challenges like paging occasion collisions in single receive/transmit configurations. Common implementations include dual-SIM setups, where devices support either Dual SIM Dual Standby (DSDS) or Dual SIM Dual Active (DSDA) modes. In DSDS mode, both SIMs remain registered in idle state for incoming calls or messages, but only one can engage in active voice or data sessions at a time, relying on a single transceiver that switches between SIMs. DSDA, conversely, permits concurrent active connections on both SIMs, necessitating dual transceivers and consuming more power, which limits its adoption to premium devices. GSMA's TS.37 specification outlines requirements for multi-SIM devices, including multiple IMEIs for distinct network connections and baseband support for dual-SIM operations. Carrier practices regarding multi-SIM usage vary by region and operator, often influenced by device unlocking policies and network compatibility. , major carriers have historically restricted dual-SIM functionality in subsidized devices to encourage single-carrier loyalty, with some blocking high-end models from featuring full multi-SIM support. Unlocked devices are required for multi-carrier operation, and the FCC has pushed for standardized unlocking timelines, such as 60 days, to facilitate dual-SIM portability. Certain carriers limit mobile data allocation to a primary SIM slot, particularly in international variants, potentially overriding user preferences for secondary lines. Benefits of multi-SIM include enhanced flexibility for separating personal and lines, cost-effective international via local SIM insertion, and redundancy against network outages through carrier switching. However, limitations persist, such as accelerated battery drain from dual registrations, management complexity in SIM prioritization, and temporary unavailability of the standby SIM during active sessions on the primary. Multi-carrier SIM variants, leveraging agreements, further enable seamless network selection but may incur higher costs without direct carrier affiliation. As of 2025, eSIM integration has expanded multi-SIM viability by allowing virtual profiles alongside physical slots, though carrier provisioning remains a bottleneck in locked ecosystems.

Recent Developments and Challenges

![Embedded SIM from M2M supplier Eseye with an adapter board for evaluation in a Mini-SIM socket][float-right] The global market, valued at approximately $1.46 billion in 2024, is projected to expand to $6.29 billion by 2032, reflecting a (CAGR) of 20%, driven primarily by increasing integration in and IoT devices. Alternative estimates place the 2024 market size at $10.32 billion, with growth to $17.67 billion by 2033 at a CAGR of 5.1%, highlighting variances in scope across consumer and enterprise segments but underscoring robust overall expansion. eSIM connections nearly doubled from 310 million in 2023 to 598 million in 2024, with forecasts indicating that 60% of global unit sales will be eSIM-compatible by 2025. Adoption trends show acceleration in , particularly following Apple's shift to eSIM-only iPhones in the starting with the iPhone 14 in 2022, and its subsequent expansion to global eSIM-only models such as the iPhone 17 Air in 2025, which promotes remote SIM provisioning and has accelerated worldwide uptake. By 2025, an estimated 3.4 billion -enabled devices are in use globally, up from 1.2 billion in 2021, with shipments of eSIM-capable devices expected to exceed 633 million units in 2026, propelled by advancements in standards like SGP.32 and strong demand in Chinese markets. In IoT applications, eSIM facilitates scalable connectivity for machine-to-machine communications, contributing to projections of over 9 billion eSIM/iSIM-capable devices shipped cumulatively by 2030, growing at a 22% CAGR from 2024 levels. Regionally, the maintains leadership in eSIM penetration, with nearly 20% of international trips from utilizing as of 2025, supported by widespread carrier compatibility and regulatory pushes for digital provisioning. exhibits the highest growth trajectory for eSIM-enabled , driven by high-volume shipments in and expanding IoT deployments, while benefits from seamless regional under frameworks like the EU's connectivity directives, though adoption lags in rural areas. , , and collectively account for over 80% of eSIM shipments. Travel usage has surged as an alternative to traditional , offering advantages such as no need for physical card swaps and quick switching via remote provisioning, with revenues projected to reach $1.8 billion by the end of 2025, an 85% increase from $989 million in 2024, reflecting preference for flexible, app-based amid rising international mobility. Challenges persist, including uneven carrier support and interoperability issues in emerging markets, but standardization efforts by bodies like are mitigating these, fostering broader enterprise and uptake.

Sustainability and Market Impacts

The widespread production of physical SIM cards, with approximately 4.19 billion removable units shipped in 2023, generates substantial plastic waste from materials like PVC and embedded metals, contributing to broader e-waste challenges where global recycling rates hover at 15-20%. The transition to embedded SIM (eSIM) technology addresses these issues by obviating physical cards entirely, thereby curtailing manufacturing demands and eliminating distribution logistics that account for a portion of emissions in traditional SIM lifecycles. eSIM deployment yields measurable environmental gains, including 46% lower CO2 emissions per unit compared to physical SIMs, with production responsible for just 2% of an eSIM's total footprint and zero emissions from card transport or packaging. Independent assessments further quantify reductions in carbon intensity by up to 87%, alongside avoidance of millions of tons of annual discards from SIM production scales. However, eSIMs necessitate integrated chipsets in devices, which could elevate initial resource use if not offset by extended device lifespans or modular designs. Market dynamics reflect this shift, with eSIM comprising 28% of global SIM shipments in 2024 and projected to drive further erosion of physical SIM demand through 2030. The eSIM sector, valued at $1.46 billion in 2024, is forecasted to expand to $6.29 billion by 2032 at a compound annual growth rate of 19.4%, fueled by IoT proliferation and carrier efficiencies in provisioning without physical inventory. This disrupts legacy SIM suppliers, who supplied billions of units annually but now pivot to eSIM provisioning platforms amid declining removable card volumes, while operators realize cost savings from streamlined activation and reduced waste handling.

Future Directions and Limitations

![Embedded SIM for IoT evaluation][float-right] The transition toward embedded SIM (eSIM) and integrated SIM (iSIM) technologies represents a primary future direction for SIM cards, with eSIM adoption surging 594% since and projected to become the connectivity standard by , driven by remote provisioning and reduced hardware dependency. iSIM variants, integrating connectivity directly into device chips, are anticipated to grow at a 63% from 2023 to 2028, particularly suiting space-constrained IoT applications through enhanced power efficiency and security. In IoT ecosystems, eSIM facilitates improved , provisioning, and , though current usage stands at only 33% of cellular IoT devices, with eSIM-enabled connections expected to rise 43% amid expanding device numbers. Sustainability benefits emerge from eSIM's elimination of physical cards, minimizing materials, waste, and logistics in production and distribution. Advancements in SIM security for emerging networks include quantum-resistant upgrades, such as (PQC) integration into 5G/6G Trusted SIMs to counter threats to traditional asymmetric , enabling hybrid algorithms for user identity protection. These developments align with 6G's demands for AI-native networks and enhanced security, though full implementation requires core network overhauls. Despite these trajectories, SIM technologies face persistent limitations in and . Physical SIM cards remain susceptible to , , and SIM swapping attacks, where hackers exploit social or carrier vulnerabilities to hijack numbers and access like banking credentials. eSIMs mitigate physical risks but introduce challenges in remote management, potentially exposing profiles to over-the-air exploits if provisioning platforms lack robust safeguards. concerns amplify with mandatory SIM registration, which collects personally identifiable information (PII) prone to breaches, unauthorized , or opaque handling by carriers and governments. Adoption barriers persist due to issues across carriers, device compatibility, and regulatory fragmentation, hindering seamless global deployment. Quantum threats further underscore cryptographic vulnerabilities in legacy SIM authentication, necessitating proactive PQC migration amid evolving attack vectors.

References

  1. https://www.etsi.org/technologies/sim
  2. https://www.etsi.org/deliver/etsi_ts/151000_151099/151011/04.14.00_60/ts_151011v041400p.pdf
  3. https://www.gi-de.com/en/group/press/press-releases/30-years-of-sim-a-fascinating-success-story
  4. https://www.etsi.org/deliver/etsi_ts/131100_131199/131102/15.08.00_60/ts_131102v150800p.pdf
  5. https://www.3gpp.org/ftp/tsg_t/WG3_USIM/TSGT3_01/docs/t3-99032.pdf
  6. https://www.gsma.com/about-us/who-we-are/our-history/
  7. https://www.electronics-notes.com/articles/history/cellphone-history/gsm-history-groupe-special-mobile.php
  8. https://www.gi-de.com/en/spotlight/digital-security/the-sim-card-turns-30
  9. https://www.tech.gov.sg/media/technews/all-you-ever-wanted-to-know-about-the-sim-card-history/
  10. https://www.airalo.com/blog/the-history-of-the-sim-card-everything-you-need-to-know
  11. https://www.etsi.org/images/files/news/CreationOfStandardsForGlobalMobileCommunication.epub
  12. https://www.globalyo.com/blog/from-concept-to-connectivity-tracing-the-path-of-sim-card-history/
  13. https://www.3gpp.org/specifications-technologies/specifications-by-series
  14. https://www.etsi.org/newsroom/news/398-news-release-1-june-2012
  15. https://nilsonreport.com/articles/card-manufacturers-part-2-4/
  16. https://www.emergenresearch.com/industry-report/subscriber-identity-module-cards-market
  17. https://www.proficientmarketinsights.com/market-reports/sim-cards-market-2582
  18. https://www.quora.com/Why-did-semiconductor-manufacturing-shift-from-the-US-to-Asia-in-the-1990s
  19. https://www.iot-now.com/2024/02/15/142450-the-evolution-of-sim-cards-in-8-parts/
  20. https://www.alliedmarketresearch.com/sim-card-market-A293610
  21. https://www.businessresearchinsights.com/market-reports/sim-cards-market-110246
  22. https://www.gi-de.com/en/spotlight/digital-security/esim-or-pluggable-sim-which-is-the-greener-choice
  23. https://www.zipitwireless.com/blog/sim-card-types-and-sizes-explained
  24. https://encriptados.io/en/blogs/news/this-is-how-the-sim-card-has-evolved-over-the-years/
  25. https://prune.co.in/VG/resources/blog/the-evolution-of-sim-cards-from-mini-to-nano-to-esim
  26. https://www.3gpp.org/news-events/partner-news/sim-card-format-for-slimmer-smaller-phones
  27. https://help.1nce.com/dev-hub/docs/sim-cards-iot-business
  28. https://telnyx.com/resources/sim-form-factors
  29. https://www.hologram.io/blog/a-guide-to-sim-card-form-factors/
  30. https://www.telit.com/blog/sim-card-types-form-factors/
  31. https://www.tec.gov.in/pdf/GRMT/TEC-GR-WS-SIM-002-01-OCT-04.pdf
  32. https://en.eeworld.com.cn/mp/liangxulinux/a406766.jspx
  33. https://builtin.com/hardware/what-is-a-sim-card
  34. https://www.etsi.org/deliver/etsi_ts/102200_102299/102221/17.04.00_60/ts_102221v170400p.pdf
  35. https://www.etsi.org/deliver/etsi_ts/131100_131199/131102/11.06.00_60/ts_131102v110600p.pdf
  36. https://flolive.net/blog/glossary/imsi-vs-imei-6-key-differences-how-they-work-together/
  37. https://www.p1sec.com/blog/understanding-imsi-the-key-to-mobile-identity-and-security
  38. https://onomondo.com/blog/iccid-number-explained/
  39. https://www.trentonsystems.com/en-us/resource-hub/blog/what-is-a-sim-card
  40. https://www.etsi.org/deliver/etsi_ts/131100_131199/131102/16.11.00_60/ts_131102v161100p.pdf
  41. https://www.just.edu.jo/~tawalbeh/cpe542/project/r11.pdf
  42. https://www.giac.org/paper/gsec/1499/gsm-standard-an-overview-security/102787
  43. https://static.aminer.org/pdf/PDF/000/370/325/gsm_security_ii.pdf
  44. http://www.tcs.hut.fi/Studies/T-79.514/slides/S5.Brumley-comp128.pdf
  45. https://www.etsi.org/deliver/etsi_ts/133100_133199/133102/18.00.00_60/ts_133102v180000p.pdf
  46. https://uia.brage.unit.no/uia-xmlui/bitstream/handle/11250/137418/master_ikt_2001_dohmen.pdf?sequence=1
  47. https://6point6.co.uk/insights/telecoms-stack-sim-cards/
  48. https://www.etsi.org/deliver/etsi_ts/131100_131199/131102/18.04.00_60/ts_131102v180400p.pdf
  49. https://saily.com/blog/what-is-stored-on-a-sim/
  50. https://www.etsi.org/deliver/etsi_ts/101200_101299/101267/08.18.00_60/ts_101267v081800p.pdf
  51. https://www.etsi.org/deliver/etsi_ts/143000_143099/143020/15.00.00_60/ts_143020v150000p.pdf
  52. https://www.researchgate.net/figure/GSM-Authentication-and-Encryption_fig1_322324383
  53. https://www.ericsson.com/en/blog/2021/9/authentication-and-key-agreements
  54. https://www.etsi.org/deliver/etsi_ts/133100_133199/133102/06.03.00_60/ts_133102v060300p.pdf
  55. https://www.etsi.org/deliver/etsi_ts/101400_101499/101413/07.01.00_60/ts_101413v070100p.pdf
  56. https://www.etsi.org/deliver/etsi_ts/101100_101199/101181/08.03.00_60/ts_101181v080300p.pdf
  57. http://www.cs.bilkent.edu.tr/~selcuk/publications/GUAP_WETICE05.pdf
  58. https://www.etsi.org/deliver/etsi_gsm/11/11011/04.10.00_60/gsm_11.11v041000p.pdf
  59. https://www.ijcstjournal.org/volume-2/issue-6/IJCST-V2I6P25.pdf
  60. https://arxiv.org/pdf/2107.07416
  61. https://www.blackhat.com/docs/us-15/materials/us-15-Yu-Cloning-3G-4G-SIM-Cards-With-A-PC-And-An-Oscilloscope-Lessons-Learned-In-Physical-Security.pdf
  62. https://perso.uclouvain.be/fstandae/PUBLIS/125_long.pdf
  63. https://fc13.ifca.ai/slide/4-3.pdf
  64. https://arxiv.org/pdf/1002.3175
  65. https://www.researchgate.net/publication/284569428_On_the_Need_of_Physical_Security_for_Small_Embedded_Devices_A_Case_Study_with_COMP128-1_Implementations_in_SIM_Cards
  66. https://www.proofpoint.com/us/threat-reference/sim-swapping
  67. https://www.wired.com/story/jack-dorsey-twitter-hacked/
  68. https://www.bitsight.com/blog/what-is-sim-swapping
  69. https://www.thomsonreuters.com/en-us/posts/corporates/sim-swap-fraud/
  70. https://keepnetlabs.com/blog/what-is-sim-swap-fraud
  71. https://www.nytimes.com/2019/09/05/technology/sim-swap-jack-dorsey-hack.html
  72. https://www.alstonprivacy.com/inside-the-sk-telecom-data-breach-what-happened-and-what-companies-can-learn/
  73. https://www.foxnews.com/us/massive-telecom-bust-major-city-wake-up-call-foreign-adversaries-threaten-us-security-experts
  74. https://www.subex.com/blog/simbox-fraud-challenges-and-ai-powered-solutions-for-telecom-operators/
  75. https://www.enea.com/insights/simjacker-next-generation-spying-over-mobile/
  76. https://capec.mitre.org/data/definitions/614.html
  77. https://cert.europa.eu/publications/security-advisories/2019-020/
  78. https://www.lookout.com/documents/threat-reports/us/lookout-simjacker-tg-us.pdf
  79. https://www.kaspersky.com/blog/sim-cards-encryption-vulnerability-the-scope-of-the-problem/927/
  80. https://www.gsma.com/solutions-and-impact/technologies/esim/security-analysis-of-the-consumer-remote-sim-provisioning-protocol/
  81. https://www.etsi.org/deliver/etsi_tr/131900_131999/131900/05.02.00_60/tr_131900v050200p.pdf
  82. https://www.researchgate.net/publication/239671518_The_Evolution_of_the_Smart_Card_in_Mobile_Communications
  83. https://www.etsi.org/deliver/etsi_ts/131100_131199/131101/17.00.00_60/ts_131101v170000p.pdf
  84. https://www.3gpp.org/DynaReport/31101.htm
  85. https://www.3gpp.org/DynaReport/31-series.htm
  86. https://trustedconnectivityalliance.org/wp-content/uploads/2021/02/Trusted-Connectivity-Alliance-5G-SIM_FINAL.pdf
  87. https://www.gsma.com/solutions-and-impact/technologies/esim/
  88. https://www.gsma.com/solutions-and-impact/technologies/esim/esim-specification/
  89. https://omdia.tech.informa.com/om032029/as-esim-takes-off-mnos-must-modernize-their-provisioning-platforms
  90. https://www.airalo.com/blog/9-advantages-of-traveling-with-an-esim
  91. https://www.alixpartners.com/insights/102jmyp/esim-adoption-a-game-changer-for-the-telecommunications-market/
  92. https://www.u-blox.com/en/technologies/isim-latest-innovation-in-sim-technology-explained
  93. https://www.gi-de.com/en/digital-security/connectivity-iot/mobile-network-operator/integrated-sim
  94. https://kigen.com/resources/blog/what-is-isim-integrated-sim/
  95. https://www.telit.com/blog/sim-vs-esim-vs-isim/
  96. https://www.gsma.com/solutions-and-impact/technologies/esim/blog-from-arm-unlocking-secure-iot-device-connectivity-with-isim/
  97. https://flolive.net/blog/esim-vs-isim-the-touchless-sim/
  98. https://www.gsma.com/solutions-and-impact/technologies/esim/isim-opens-a-new-world-of-opportunity-for-mobile-and-iot-innovation/
  99. https://www.eseye.com/resources/blogs/soft-sim-esim-and-isim-differences/
  100. https://www.emnify.com/blog/sim-vs-esim-vs-isim
  101. https://www.com4.no/en/blog/esim-or-isim-pick-the-best-sim-for-your-iot-devices
  102. https://kigen.com/resources/blog/isim-the-future-of-iot-device-production/
  103. https://www.quectel.com/news-and-pr/isim-adoption-giesecke-devrient-vodafone-iot/
  104. https://altair.sony-semicon.com/blog/why-isim-is-the-future-of-iot/
  105. https://www.etsi.org/deliver/etsi_ts/131100_131199/131101/18.01.00_60/ts_131101v180100p.pdf
  106. https://www.etsi.org/deliver/etsi_ts/121100_121199/121111/18.00.00_60/ts_121111v180000p.pdf
  107. https://www.3gpp.org/DynaReport/31102.htm
  108. https://www.ericsson.com/en/blog/2019/7/3gpp-5g-security-overview
  109. https://www.3gpp.org/technologies/support-for-multi-sim-devices-for-lte-nr
  110. https://arxiv.org/pdf/2201.08041
  111. https://www.gsma.com/get-involved/working-groups/wp-content/uploads/2024/07/TS.37-v11.0-Requirements-for-Multi-SIM-Devices.docx
  112. https://www.gsma.com/newsroom/gsma_resources/ts-37-prd-requirements-multi-sim-devices/
  113. https://www.law360.com/articles/2362176/fcc-urged-to-mandate-phone-unlocking-for-dual-sim-use
  114. https://www.getnomad.app/blog/what-to-know-about-dual-sim-phones
  115. https://flolive.net/blog/glossary/multi-carrier-sim-card/
  116. https://ahsanmobiledandot.com/disadvantages-of-dual-sim-mobile-phones/
  117. https://www.airalo.com/blog/future-of-esim-2025-and-beyond
  118. https://techjury.net/industry-analysis/esim-market-size-and-trends-growth-adoption-future-outlook/
  119. https://www.grandviewresearch.com/industry-analysis/esim-market
  120. https://www.mobiliseglobal.com/50-esim-statistics-in-2023/
  121. https://www.esim.net/blog/esim-trends-insights-2025-infographic
  122. https://www.statista.com/topics/9909/esim/
  123. https://techxplore.com/news/2025-09-apple-esim-global-trend.html
  124. https://techcollectivesea.com/2025/06/19/esim-adoption-industries-borders/
  125. https://www.prnewswire.com/news-releases/esim-enabled-device-shipments-will-exceed-633-million-in-2026-driven-by-chinese-smartphone-adoption-and-sgp32-advancements-across-consumer-and-iot-markets-302557185.html
  126. https://counterpointresearch.com/en/insights/over-9-billion-esim-capable-devices-to-be-shipped-by-2030
  127. https://www.travelandtourworld.com/news/article/travel-esim-adoption-set-to-surge-in-north-america-by-2030-revolutionizing-connectivity-for-global-travelers/
  128. https://voyeglobal.com/esim-only-phones-2025/
  129. https://www.abiresearch.com/news-resources/chart-data/esim-market
  130. https://www.juniperresearch.com/press/travel-esims-surge-as-roaming-alternative/
  131. https://www.simlocal.com/post/apple-announce-iphone-17-air-esim-only-worldwide
  132. https://www.gsmaintelligence.com/research/industry-checkpoint-consumer-esim-q3-2025
  133. https://www.abiresearch.com/blog/esim-is-gaining-ground-on-removable-sim-cards
  134. https://www.ewaste1.com/15-e-waste-facts-we-all-need-to-know/
  135. https://www.airalo.com/blog/esim-technology-and-environmental-sustainability
  136. https://roamless.com/blog/esims-reduce-your-carbon-footprint-while-you-travel
  137. https://hackernoon.com/the-environmental-impact-of-esim-technology
  138. https://www.gi-de.com/en/digital-security/connectivity-iot/mobile-network-operator/esim-management/green-esim
  139. https://www.fortunebusinessinsights.com/industry-reports/embedded-sim-esim-technology-market-100372
  140. https://www.mordorintelligence.com/industry-reports/embedded-sim-market
  141. https://thebitjoy.com/fr/blogs/blog/esim-vs-isim
  142. https://www.cavliwireless.com/blog/not-mini/isim
  143. https://iot-analytics.com/role-of-esim-for-iot-better-security-simplified-roaming-easier-provisioning/
  144. https://www.techradar.com/pro/evolving-sim-technology-for-a-more-sustainable-future
  145. https://www.thalesgroup.com/en/news-centre/insights/enterprise/mobile-communications/how-safeguard-mobile-connectivity-post
  146. https://postquantum.com/post-quantum/telecom-pqc-challenges/
  147. https://securityscorecard.com/blog/sim-card-hacking-what-it-is-how-it-works-and-how-to-protect-yourself/
  148. https://microesim.com/blogs/microesim-blogs/can-esim-guarantee-communication-security-and-privacy
  149. https://www.cm-alliance.com/cybersecurity-blog/unpacking-security-implications-of-esims-how-to-use-esims-safely
  150. https://simregistrationglobes.hashnode.dev/data-privacy-concerns-in-sim-card-registration
  151. https://lawgratis.com/blog-detail/sim-card-registration-and-privacy-issues
  152. https://vocal.media/futurism/e-sim-evolution-from-barriers-to-breakthroughs
  153. https://scifiniti.com/3104-4719/2/2025.0016
Add your contribution
Related Hubs
Contribute something
User Avatar
No comments yet.