Theoretically, if one of the carriers you were using were to be hacked, the attackers could extract all your keys, including for other carrier profiles.
It's an interesting attack vector for intelligence agencies. Imagine you're going to China and install a Chinese eSim profile as secondary to get cheaper data. The Chinese govt, in collaboration with the carrier, could then use that profile to dump your American AT&T keys.
In the telecom world, there's no forward secrecy (there can't be with symmetric crypto, which is what it's all based on), so such an attack would let the Chinese intercept all your communications.
Thank you, your explanation helped me understand that the profile can itself be an application (and thus can be an exploit), and that different profiles/applications are not isolated from each other. I will be careful installing profiles from untrusted sources on my phone*.
Is there a remote attack vector against my phone/eSIM which doesn't require first compromising the network service provider? Not that I'm dismissing other vectors as unimportant, just trying to learn more.
* - I do realize that a network operator viewed as "trusted" may be untrusted under the right circumstances, like sufficient pressure from sufficiently official or powerful actors.
That would indeed be catastrophic, but from the attack as demonstrated, I don't think we can conclude that that's possible.
As I understand it, the attack as demonstrated is extracting the eUICC provisioning private key from the context of a SAT applet, but what you're describing would be extracting the keys of eSIM profile A from the context of eSIM profile B of an unrelated carrier.
It would be great to know whether the researchers have looked into that, as it sounds like a much bigger problem if possible.
There are three things in the report that make me believe that it would be possible to get the secrets from eSim profile B from a compromised eSIM profile A if they are both installed.
Under "Notes" it says... The hack proves no security / isolation for the eSIM profile and Java apps (no security for eUICC memory content).
- app isolation is broken
Under "The warning call for mobile phone vendors"... Target eUICC chips may run some sensitive applications (digital wallets / payment, digital car keys, transportation cards, access / identification cards, etc.). In case of a successful eSIM compromise, the security / credibility of such apps may be affected.
- perhaps code for we already know this is possible, not talking about it yet...
And towards the end, under "Some recommendations"... always assume your apps, their logic, associated secrets and/or some eSIM content could be revealed (one compromised eUICC identity can be used to download and peek into eSIM of any MNO)
It's an interesting attack vector for intelligence agencies. Imagine you're going to China and install a Chinese eSim profile as secondary to get cheaper data. The Chinese govt, in collaboration with the carrier, could then use that profile to dump your American AT&T keys.
In the telecom world, there's no forward secrecy (there can't be with symmetric crypto, which is what it's all based on), so such an attack would let the Chinese intercept all your communications.