top | item 42561823

(no title)

deadso | 1 year ago

Is there any sandboxing to prevent access from the SIM card computer to information on your phone? And if so, absent of some (admittedly not very unlikely) 0day allowing sandbox escape, what would a malicious SIM program be able to do?

discuss

immibis|1 year ago

Yes, the card is a peripheral device to the phone - a hardware security key. It can't steal all your data for the same reason your Yubikey can't.

Answer delayed by hours due to HN rate limiting.

devops99|1 year ago

Basically this.

And, hopefully your USB stack, or your phone's equivalent to SIM interface, doesn't have vulnerabilities that the small computer that is the SIM card could exploit.

Operating systems that center their efforts on protecting high risk users like Qubes dedicated a whole copy of Linux running in a Xen VM to interface with USB devices.

It'd be great if more information were available on how devices like Google's Pixel devices harden the interface for SIM cards.