
My goal is to make one of my android phones as secure as possible, hence the question: What is the most secure way for an Android phone to gain internet access? Options I (think I) have:

  1. The phone has its own physical SIM card. Threat I see: The SIM card could be manipulated by an attacker with physical access to my phone, or replaced. Inserting the SIM card and then locking the SIM card slot (with glue) isn't an option because I may need a different SIM card from time to time if I go this route.
  2. The phone uses an eSIM. Threat: I can't judge this because I don't know much about eSIMs.
  3. The phone connects to a wifi hotspot of another, less secure Android phone of mine. Benefit: No physical threat, because the SIM card slot could be "locked" (with glue) so that I could at least see if someone tampered with the SIM slot. Threat: There may be a risk of infection over wifi if the phone which provides the hotspot is infected, but I don't know how far-fetched this is.

The answer I'm looking for is not an academic/theoretical one (everything is possible in theory I guess) but a practical/heuristic one.

Threat model / assumptions:

  • I'm worried about physical attacks (an attacker having access to both phones mentioned above when I'm not around) as well as an attacker who may have hacked my less secure phone (without me being aware of it). I'm pretty sure no generic Android malware is capable of doing any harm here, so I worry about targeted attacks.
  • I'm not overly concerned with someone "only" reading unencrypted traffic leaving my "to be secured" phone, and more concerned with an attacker who would have "deeper" access, for example to everything I type on the "to be secured" phone, or who can see what I see on screen, or an attacker who redirects me to a fake login of a site I use.
  • Assume Android 11 on all phones.
  • What should an attacker gain by swapping your SIM card? If you don't use insecure protocols then this has no effect. And if you fear governmental attacks then I have bad news for you: your mobile network provider can reconfigure your SIM card (which is a mini computer on its own) at any time over the air, or change something in the network of the provider so your device is even involved. – Robert Feb 20 '22 at 16:57
  • An attacker could exploit vulnerabilities in "Java Card", https://www.securityweek.com/many-vulnerabilities-found-oracles-java-card-technology – Manuel Feb 21 '22 at 16:38
  • If I understand the article correctly, the attacks require you to run code on the smartcard. But neither banks nor mobile network operators allow anybody to execute anything other than their own code on such cards. Therefore these attacks are possible if you have an "open card", but typically all smartcards you get are closed, so you don't have access to the card OS or the Java Card part itself; only the installed applets can be used. – Robert Feb 21 '22 at 16:52
  • @Robert maybe a good point, but it seems this can be circumvented: https://security.stackexchange.com/questions/77532/sim-card-malware-advice. Apart from that, if an attacker can insert a SIM card of their own making, does your argument still apply? – Manuel Feb 21 '22 at 16:55

1 Answer

tl;dr: eSIM is probably the safest (my confidence is not too high though, read below).

The basic choice is between using either a wifi hotspot or a SIM/eSIM. Between those two, the wifi hotspot seems to have more of an attack surface and seems to be the more common/easy attack. I am not super confident about this though. I just read a lot of Stack Exchange answers on the two topics and that is my vague conclusion! I have NOT found a discussion which compares the two scenarios directly ((e)SIM vs wifi hotspot), only discussions on either separately.

eSIM is safer than SIM because the eSIM cannot be manipulated by someone having physical access to your phone and cannot (or is at least a lot less likely to) be manipulated in the supply chain (delivering the SIM), which is relevant for attacks exploiting vulnerabilities of "Java Card" (SIM card malware advice). Also, I guess, the chance of being exposed to the type of SIM attack that allows for the Simjacker exploit (see https://www.blog.adaptivemobile.com/simjacker-frequently-asked-questions%3fhs_amp=true) is a lot lower with an eSIM compared to a SIM, because eSIMs are "new tech" and we can (hopefully) assume that phone manufacturers are aware of this exploit by now (more so than some "stone age" SIM providers in some countries; see the Simjacker technical report from AdaptiveMobile, which has a map with countries in which SIM providers still ship vulnerable SIM card (configurations)). With that said, regarding the most common form of SIM attack ("SIM swap attack"), eSIM and SIM are no different.
