Hacker News
Demystifying ESIM Technology [video] (ccc.de)
91 points by awat on Aug 20, 2023 | 83 comments



For those who wonder about the waving cat: These are used a lot at hacker conferences to check if the cams are still working (and not frozen). Shenanigans on the network are of course common at these events :) So they are put on the stages while nothing is on.

This was a big success and it turned out to be a bit of a mascot :P They've become a permanent fixture now.


For those who are unfamiliar: https://en.m.wikipedia.org/wiki/Maneki-neko


I thought it's a smart way to combat video cutting


Could be also but this is what I was told by the instructor when I volunteered for stream directing at a hacker conference


I always wondered about this. Thank you.


My master's thesis from 2008 [0] gives some insight into the early design and strategic considerations (from a Nokia perspective) behind eSIM technology, in case anyone's curious.

[0] http://www2.imm.dtu.dk/pubdb/edoc/imm6812.pdf


Any idea how one can get one's hands on consumer-profile eUICC cards (or chips)? I've wanted to play around with eSIM (and perhaps use it for travel purposes), but don't want to upgrade my phone just yet.

Found this one, but it's for testing only: https://www.smartjac.biz/esim-subscription-management/consum...


https://esim.me is selling an eUICC-on-a-physical-SIM card. The only part that sucks is that you have to provision eSIM profiles through their proprietary Android app. Someone please reverse engineer it?


After some research I've found this thread on XDA: https://forum.xda-developers.com/t/a-tricky-way-to-use-esim-...

Seems like it should be possible to solder an eUICC chip to a SIM-card form factor board and use it with OpenEUICC. [1] Somebody is even selling those pre-soldered on Taobao: https://shop104192953.world.taobao.com/

Later in that thread, somebody also reported that OpenEUICC works with eSIM.me's cards, too. If you have one of these, can you give it a try perhaps?

[1]: https://gitea.angry.im/PeterCxy/OpenEUICC, https://github.com/AndroPlus-org/magisk-module-openeuicc


Nice, thanks for the links! (I don't own one, sorry)


Anyone know what the cost of starting a thin e-sim only "MVNO" would be? I've seen offerings like https://gigs.com but I assume due to NDAs there's no public pricing. Wondering what it would take to offer something along the lines of Airalo or like the "me.ONE" plan offered on esim.me.


I've had a great experience with eSIMs these past few days during a trip to Europe (coming from the US). It's so convenient to be able to arrive at a city and use airport wifi to download a mobile data package for a few bucks. The process is slightly clunky but not bad at all.


I'm in Europe and I've had very poor experiences with local carriers in getting an eSIM :( Most of them outright refuse unless you are on a mobile contract plan with them (I'm not, I hate contracts so I only use prepay). On prepay they don't want to support it here in Spain for whatever stupid reason even though I've had my prepay number for 10 years. They also levy many more restrictions on the whole ordeal: Usually only locally sold models are allowed. So you can't use a Dutch Samsung phone with a Spanish eSIM. I'm really annoyed with this because the whole idea of eSIM was to make things easier for the customer, not harder and more restrictive.

Perhaps the carriers that specialise in temporary data contracts for travelers are ok, but local permanent carriers are crap with this.


> the whole idea of eSIM was to make things easier for the customer, not harder and more restrictive.

I remember reading an article in a French newspaper about how carriers were "uncomfortable" with the eSIM because it severed "the last connection" between them and their customers. The latter would basically no longer have a reason to "interact" with the former.

I don't quite see how that's a bad thing. The less you have to deal with "those people" (and this works from either side), the better it is, no? In my case, the last time I've "interacted" with my carrier was some 10 years ago when my phone got stolen, and I had to get a new SIM. Other than that, I pay them every month and they make sure my phone works every month.

At least with my carrier, it's cheaper to get an eSIM than a physical SIM. I didn't actually get one, since I've had my current SIM for a very long time. They basically charge for the "SIM service", and there's a separate charge for the physical part if you get it in a brick & mortar store, or for shipping if you want it delivered.

> Usually only locally sold models are allowed.

How can they tell, are there still country-specific models? I know people from the US and from Russia coming to France, popping a local SIM in and being in business. These were all iPhones, though.


> I don't quite see how that's a bad thing

But how is the carrier going to "engage" you? How are all the people involved in sales and marketing there going to justify their job?

A carrier that operates fully automatically with minimal customer interaction could indeed be more profitable, but it's politically impossible for any established company to transition to such a model since it would obviate the need for many positions there - those same positions rely on the current status-quo (no matter how mediocre) and will fight any attempts at improving efficiency.

(this is not limited to carriers, any large legacy company has the same issues - lots of positions are just there to create work to sustain other, equally-useless positions, while the net output of the system is zero or even negative).


> because it severed "the last connection" between them and their customers. The latter would basically no longer have a reason to "interact" with the former.

I love how they put this because it's exactly how I phrase my general objection to and avoidance of SaaS and other kinds of services. I do NOT want to have a relationship with every single vendor. Managing relationships is costly. Most of the time, those relationships are highly abusive towards the customer. And they're almost always artificial anyway; they exist entirely to let the vendor keep a sales channel open. That's exactly what I do not want as a customer.


> I remember reading an article in a French newspaper about how carriers were "uncomfortable" with the eSIM because it severed "the last connection" between them and their customers.

That's a very delicate euphemism for "eSIM makes it easier to switch networks, which would increase churn and eat into our margins".


> The less you have to deal with "those people" (and this works from either side), the better it is, no?

The less contact, the less opportunity to upsell you to something that provides them recurring revenue.

It's all about rent seeking ("passive income") these days, everywhere.


People use the Airalo app to buy eSIMs, wherever they travel to. One can buy an eSIM even before landing in foreign lands. I don't have experience with Airalo, but many recommended that app on this site.


Ah ok, but that's only for temporary use, it's not intended for real permanent usage, right?

I'll consider it if I ever travel outside of Europe though (roaming inside EU was fixed several years ago luckily).


This might be because most countries nowadays require a photo ID for SIM cards. The Netherlands, UK and US are among the few that don't (yet).

https://prepaid-data-sim-card.fandom.com/wiki/Registration_P...


Photo ID? Then how do you get an anonymous burner phone? Order it online somehow?


In an increasing number of places, you don't (except perhaps by forcing or convincing someone to let you use their identity). Where I'm at right now, receiving SMS or making phone calls require a subscription with photo ID and physical address - prepaids and travel SIMs are data-only these days. The latter ones also require photo ID for service activation.


The whole rationale of the laws in these countries is that you shouldn't be allowed to get one.


But why? It's not anyone's business but my own. If a snotty cell phone rep insisted on treating me like a teenager at a bar there would be some talking and not from my mouth.


For instance, Eurolink eSIM card with 180 days validity can be had for 180 euros on Airalo.com. They also have re-chargeable eSIMs, you just need to top up just before it expires.


Ah but that is really really expensive :)

I can get a local SIM with 50GB data that is available with a 10 euro topup each month.

Don't forget the purchasing power in Europe is much lower than in the US (especially southern Europe). For this reason local carriers are a lot cheaper too.


I'd argue that it's the opposite, as there is competition and in civilised European countries there is working regulation etc., not like the US where carriers are able to lobby and cheat to maintain their monopolies. Case in point: I have unlimited everything (incl. 5G, except MMS) in country and 64G in the rest of Europe for about 30 EUR/mo.


And you can have the same for a similar price in the States. The US cellular market is quite good. Have a look at Canada if you want to see what a cartel looks like.


Last time I was in the US it was pretty bad, I'm not sure comparing to the worst is fair but compared to Europe it's not so great - at the time I had T-Mobile but they differentiated different states etc as they may need roaming domestically - you're just not allowed to do that here


What do you mean by except MMS? That's not even data


While unlimited calls/SMS/data* is quite a common offering in Europe, MMS is often not included in such bundles and costs extra.

*Genuinely unlimited data - including tethering, no speed limits or soft caps where you get limited to 128kbps or anything like that after using 100GB.


Correct, advertising unlimited with caps is not allowed, unlike the US for example.

In my case they clearly have to say upfront on the cheaper unlimited, it's not rate limited until X but the caps have to be proportionate so it's still absolutely fine, they do have an "always on" thing for capped packages though, so you're never really cut off (data only which does not have such strict regulation as voice/SMS)


Technically it is data, but it's an archaic system that really should just go away and be replaced by something native to IMS/LTE+ but unfortunately legacy is hard to kill


What makes you think it's for temporary use? I've been using it for over a year as my only data plan.


Is the price cheap enough to do that? Last time I looked it was much cheaper to go with a local carrier almost anywhere I looked.


Cheap is relative. I pay about $25 for 20GB, which lasts me a month. Yeah, local SIM cards might have cheaper options, but I'm not complaining about $25 a month. I spend more on a single lunch.


The cost. The prices are very high.


I don't consider $25 for 20GB to be "very high". Of course, you can find cheaper. But $25 is less than a lunch in most places.


A lunch is most definitely not close to as high as $25 "in most places" unless you go for upscale fine dining, considering that $25 is above global daily median income.


Vodafone in Germany was happy to give me an eSIM for a prepaid plan, not even a store visit required (but it did require taking a photo of my ID and an identity verification video call where someone checks your video against the ID). I guess with AI-based video manipulation, a store visit may be required in the future...


> a store visit may be required in the future...

Or not, considering how store employees are treated and paid. It's probably much cheaper to bribe some low-level clerk than build & deploy a convincing AI spoofing solution.


They’re very useful. Although it’s sometimes hard to get eSIMs direct from carriers internationally since many only grant them on post-paid contracts.

SIM cards also have their place, however, which is why Apple’s take on it is weird. When traveling, especially when so much MFA (for better or worse) is linked to a phone number, it makes having your phone damaged a major issue. You can’t simply pop out the SIM and move it across to a new phone.

Even if you manage to get a new eSIM, most of the time you can’t activate it until you’re back in your origin country.

This as an issue (carrier or otherwise) needs to be addressed with some urgency.


This can easily be resolved by not buying an Apple phone and buying a phone that still retains a physical SIM slot.

Stop giving companies money for making stupid decisions. It only emboldens them further.


The Samsung Z Flip 5 has this too :( Only 1 real SIM and the rest only eSIM.

However it is a bit more understandable because the flip has very limited space due to the hinge components.


The USA versions of Apple's flagship phones (iPhone 14 and up) have ZERO physical SIM slots. They are dual eSIM only.

Models sold elsewhere in the world retain a single physical SIM slot.

Yes you read that correctly. They made multiple versions and the American one is deliberately crippled.

I'm certain the space regained by removing the SIM slot in a US-only variant has been repurposed for...absolutely nothing.

It defies logic why they would do this, beyond some grand social experiment they can execute with little risk due to cult-like monopoly control of the market.

I refuse to believe that they sold more than 12 of these SIM-less phones.


What?? I had no idea about this. I have not had an iPhone since the 6 so I haven't followed it that closely. I remember they offered eSIM for dualsim, I had no idea they were eSIM only in the US even for primary SIM use. Wow. This will so not work over here.

> I'm certain the space regained by removing the SIM slot in a US-only variant has been repurposed for...absolutely nothing.

Yeah, after all the specs are no different in any other way I guess?

Samsung is doing something similar here though. They leave out the mmWave antennas. On US models you can see the antenna cutouts on their premium models but in Europe there is nothing in that space, just empty.

It's a shame because while mmWave is not a thing here right now I don't buy my phones for just one year.


Specs typically vary slightly with LTE band support but nothing that would drive large mechanical changes. This was a deliberate move, an A/B test of sorts.

Good point on the mmWave support. I wonder if that's where the antenna is located. I don't care about mmWave, nor does anyone I know, so it doesn't even cross my mind.

mmWave is a dying tech. It will suffer the same fate as WiMAX. If this is the trade off (and it shouldn't be), I'll choose the SIM slot every time.


> mmWave is a dying tech. It will suffer the same fate as WiMAX. If this is the trade off (and it shouldn't be), I'll choose the SIM slot every time.

I think mmWave has a lot more staying power than WiMAX. WiMAX as deployed was an alternative network to general purpose cell phone networks. As a third alternative to CDMA/GSM and upcoming LTE, it didn't make a lot of sense in the market.

mmWave is deployed as augmentation to a network, mostly to increase capacity at hotspots like stadiums and maybe transit centers. Additionally it provides beneficial marketing, because network providers and handset makers can claim their network/device does huge bandwidth even if it's only true when you're the only person in a stadium.

Given that US iPhone 12 and up support mmWave, and that spectrum management is a challenge at stadiums, it's pretty likely we'll continue to see deployments in that space. Even if mmWave doesn't live up to the marketing, moving half the customers to it frees up traditional spectrum for those customers that don't have it.

Is it going to expand much beyond those situations? Maybe to airports and NYC train stations, but probably not beyond that. Is it ever going to be more than a small fraction of time connected for people other than stadium employees? No. Does that mean it's dying? No, it's just a constrained niche. Should you prefer a phone with or without mmWave? Depends on how often you go into situations with high person density.


Is it a meaningful alternative to Passpoint Wi-Fi in the scenarios you described?


Yes, but note that carriers will do all of the above. Use their licensed 'sub-6g' spectrum where traditional cell networks operate; make use of unlicensed spectrum for Passpoint Wi-Fi, use (licensed) mmWave spectrum.

Depending on the venue, they're likely to do a mix of whatever is most cost effective. But more spectrum, if usable by the handsets people actually have in their pockets is helpful.


Wi-Fi barely works in a hotel, how is it going to work in a stadium?


Last time I was at a stadium (4 months ago), it seemed to work pretty ok. I suspect that it being set up and maintained by a mobile carrier, rather than whoever does IT for hotels, is helpful. Most stadiums have a lot of days with minimal activity where you can do an intensive install and tweak session, but hotels are hard to take out of service, so kind of works is good enough.


That is where the antenna is located, yes. You can see it in this teardown:

https://youtu.be/6CPFYwTOatc?t=304

It's a nice 5-element (in 1 direction of course) phased array. There seems to be no room for a second one so if you use mmWave you'll have to make sure not to cover it with your hand. Non foldable ones usually have two for that reason.

Edit: oops you weren't talking about the flip but the iPhone. In that case, no I don't think the mm wave is where the sim slot was but not 100% sure.


I don't have the time to look, but I saw a YouTube video where someone swapped the dual physical sim daughterboard from a Chinese iPhone into an American one. It fit and it worked. I'm about 80% sure it was a dual eSIM only American model (14), but it's possible it was a single SIM/single eSIM one (13 and below). Anyways, I am pretty sure the space is there and is just unused.


Amazing, just found a video where they add a SIM slot to a US iPhone 14. The space is there and the slot just plugs right in. It required removing some resistors (to reroute the data lines from the eSIM to the slot). They didn't even cut a hole in the chassis for the SIM tray; they inserted the card before closing the lid.

This proves it was purely a marketing move which makes the decision even more insane.


As soon as a critical mass of carriers across the world adopt esim the space will absolutely be used for something else. Apple is forcing the issue, trying to force carriers to adopt it. No other phone company has the leverage that Apple does. They have a lock on the majority of high value customers. A carrier that does not support the latest iPhone will lose customers to one that does. I expect more countries to be esim only for the iPhone 15. I think China will be the big issue, don’t think any carriers there support it. And of course the carriers there aren’t exactly subject to competitive pressures.

As to why Apple is pushing esim I can imagine several reasons. Number 1 is just the space in the phone itself. I also think that Apple would love a world where people didn’t go to the carrier stores. More people would buy directly from them and then get pitched all the Apple stuff instead of the carrier’s. Everything from accessories to insurance. I do think the world will be much better once carriers are reduced to utilities and I think widespread esim usage would go a long ways towards that.


This assumes that carriers want to go eSIM only. Do they? What’s in it for them? They will lose customers with older phones.

iPhones are irrelevant in most of the world. Unless Samsung and Xiaomi decide that they also want to ditch physical SIM, it’s not going anywhere.

From the perspective of the rest of the world, eSIM-only phones seem bizarrely crippled. Why would I want a phone that I can’t use in every country? Just another case of the US not understanding the rest of the world.


Oh, the carriers hate it. Apple is the only company that can bend the carriers to their will. China is their one market they can’t lord over the carriers. How will they lose customers with older phones? The carriers can still offer SIM cards alongside eSIM.

I think you’ll find that iPhones are used all around the world. They are ubiquitous in the US so people tend to scoff at them being held up as a status symbol but they absolutely are in the world at large. If you look at who is using iPhones in the countries you say the iPhone is irrelevant in you’ll see it is the wealthy and the ones that want to emulate them. Those are the customers the carriers want to have. Hell, those are the customers every company wants. My guess is that Apple is giving carriers a few years to get on it before being left behind by iPhone users.

I wonder if Apple has any other long term plans with esim? Will they have their own MVNO offering? It would fit in with their services expansion goals.


> They’re very useful. Although it’s sometimes hard to get eSIMs direct from carriers internationally since many only grant them on post-paid contracts.

Exactly, this is a huge problem for me because I don't do post-paid (after one bill with unintended overage charges, I much prefer them just cutting me off until I pay again).

The sim swapping being controlled by the provider (every time you need a new QR and they need to 'grant' it to you) is more restrictive too, and they usually enforce only models they sell directly. It's a real loss of flexibility that we used to have with hardware SIMs.


> SIM cards also have their place

They're trying to kill physical SIM cards like they did with CDs. They only have their place insofar as you can say 'I can touch this, and also swap it out with another one' / otherwise 'tangible computing'.


Killing off physical SIMs is like arguing in favor of soldered RAM.

Because that's all eSIMs are you know. They are not software SIMs. They are physical components with the additional capability of being provisioned remotely by the end user with a friendly UI that sometimes works.

Moving physical SIMs (and thus your service) from a damaged, inoperable phone to a new one takes approximately 5 seconds. This cannot be improved upon with eSIM.

That said, eSIMs have their place too, especially in the industrial IoT space. But completely eliminating physical SIMs from consumer handsets is beyond stupid.


For those with multiple phones, how easy is switching back and forth?


Unfortunately, the support for transferring eSIM between devices is not universal and some operators choose not to support it and charge money for each transfer (i.e. charge money to generate a QR code). The tech is fine but the greedy telcos don't miss the opportunity to screw us over.


Really makes me appreciate how good we have it here phone-wise in Ireland. You can't be charged for number porting, and the carrier gets a fine if they can't do it in 24 hours (usually instantaneous). No idea if it's the same with eSIM.

Plus, you can usually keep using the sim from your old carrier and the same number when you switch providers. (sometimes sims need replacing when network upgrades happen)


Well crap. I guess for the foreseeable future it’s an iPhone 13.


Fun fact: Singapore doesn't support eSIM at all. Very strange, given that that country is relatively progressive when it comes to tech.


Anything from Harald Welte (LaF0rge) is awesome. He's the world's best GSM / Phone hacker / explainer


Why did they change ccc to be at the same time as defcon instead of end of year?


They didn't. This is from Chaos Communication Camp, which takes place every fourth summer. It's the annual Conference that happens in December. The dates for this Camp were announced prior to Defcon dates.

If the conflict is actually intentional after all, I'd also be curious around the history of that.


Good to know but FYI, defcon/blackhat US are the same dates every year I can remember


Defcon dates are slightly different each year and this is the first time they collide. CCC dates were set pre-covid.

https://en.wikipedia.org/wiki/DEF_CON#Venues,_dates,_and_att...

https://en.wikipedia.org/wiki/Chaos_Communication_Camp


eSIM is a death for feature phones.


Do "feature phones" even use feature phone (=embedded, RT) OSes anymore? I assumed they all used KaiOS or Android under their easy-to-use UIs.


Android is not easy to use by any stretch of imagination.


Nothing stops feature-phone vendors like Nokia from implementing e-sim on their newer lineup.


Newer lineup is not even close to a good phone because of:

1. Materials - newer phones are not even close in durability to 3310.

2. Logic of menu - old Nokias can be used without looking at display, new phones can update some UI statements after purchasing.

3. Display - colour displays are always less durable and almost always phones with such a display have issues with too small a font in some critical places. Compare any UI framework of any modern feature phone with the concept of a three-line display where a letter/digit is never less than 1/3 of display height. Some versions of Nokias have increased font in the typing-a-phone-number case, I mean the numbers become 1/2 of display height which is handy for a low-sight person. Modern UI progress is a batshit compared to Nokia 1280.


We really dodged a bullet on eSIM. The implementation could have really sucked if the carriers controlled it from the start. Apple do a lot of dumb shit but they set a really high bar for an eSIM implementation for others to match.


But they do control it. This is a big problem in Europe. You can't get one on a prepay contract with most of the local carriers, they limit the phones they will allow them to be used on to only locally sold versions, and they often charge for a SIM swap or limit the amount of times you can change phones per month.

None of these limitations were present with physical SIMs.


> You can't get one on a prepay contract with most of the local carriers,

To be fair, on this particular point it can be incompetence. Telecoms have absolutely no skilled engineering capacity (third-world body shop is as good as it gets) and the entire thing runs on decades of duct tape and outdated, unsupported and vulnerable software.

The most likely reason for this not to be possible on prepay is that prepay and postpay are managed by completely different systems and making the prepay system work with eSIMs would be too difficult, or maybe they tried, it broke, they rolled it back and have a "TODO" to fix that (of course the TODO will never be addressed).


Possible yes but why would it be the same for every carrier then?


Everyone uses the same backend(s).

For GSM carriers, esims add a layer of complexity because they are apparently bound to a phone. As you probably know, SIM cards can generally be swapped in.

This makes provisioning more complicated, because roaming. I never bothered to understand how GSM addressing and routing works, but I'm assuming this requirement makes things even harder to deal with.


In Thailand anytime a new SIM is activated an ID check is required. In the past I kept a SIM and I used to just move it between phones. Now when I want to move my eSIM between phones I need to go to the shop with my passport or do a video call with tech support and show my passport to them over the call. Such a pain in the ass.



