THANK YOU FOR SUBSCRIBING

'Out of the box' Secure Connectivity for eSIM IoT Devices
Nuno Teodoro, Chief Information Security Officer, TRUPHONE


Nuno Teodoro, Chief Information Security Officer, TRUPHONE
Connectivity is more than ever a key factor in the IoT landscape. It’s safe to say that one of the latest biggest evolutions for IoT was the migration from the traditional Physical Removable SIM to the Embedded SIM (eSIM). The eSIM brings the flexibility for connectivity that physical SIMs prevented, by allowing seamless access to different networks, over the air, ease of management and interoperability. Moreover, this new technology represents increasingly small chips, allowing IoT devices to be more compact, reduce battery usage and be more resistant. Swapping operator profiles without removing the SIM is now a reality, as well as storing multiple profiles on a single device, meaning that roaming and moving devices can now automatically navigate between network providers for better coverage and rates.
As always in the cyber world, global connectivity between devices represents both massive business opportunities and security threats. Some threats will surely surpass the ‘by default’ embedded device technical controls and become more relevant and predominant as the IoT ecosystem matures. Several recent events show that the materialization of these threats may represent physical harm through manipulation or failure of devices, impersonation and fraudulent usage and the capabilities to redirect connectivity from devices to provoke massive Distributed Denial of Service (DDoS) and botnet attacks.
With the rise of ease of connectivity leveraging the IoT world, several organizations are building standards, frameworks and guidelines to safeguard this emerging ecosystem and finding ways to provide assurance that the IoT devices’ purpose remains safe and controlled. Some of the most known and active sources are the OWASP IoT Security Guidance, the IoT Security Foundation that created the IoT Security Compliance Framework and the GSMA IoT Security Guidelines.
With that in mind, Truphone has created an ‘Out of the box’ secure connectivity for the IoT ecosystem leveraged by the eSIM.
Truphone operates a GSMA certified Remote SIM Provisioning (RSP) site in which operators around the world trust their operator credentials to allow network subscriptions to be provisioned over the air.
These operator relationships allow for the digitalization of the physical SIM card profile and forms part of an eSIM profile consisting of network identification, credentials and applications. Once provisioned, these profiles are stored securely and protected by FIPS 4 certified hardware security modules.
Truphone has created a secure environment that is certified against both the ISO 27001 and GSMA Security Accreditation Scheme (SAS) Standards and implements several best practices aligned with the OWASP IoT Security Guidance and IoT Security Compliance Framework.
It’s not just a small change in the IoT world. The eSIM will actively improve cybersecurity. On the very basics, it will practically remove all threats of device theft as there is almost no need for physical access to the device for connectivity purposes.
The removable nature of the SIM translates immediately into the risk of changing connectivity in one device from the original owner’s SIM to a new ‘owner’. Reselling stolen devices will be a hard task for thieves as in the moment an eSIM-enabled device is switched on it will have connectivity and could be instantly traced by the authorities or by the manufacturer.
This tracking capability would also be extremely useful on a larger, industrial scale. Vehicles, equipment, and any other hardware with eSIM connectivity would be locatable at all times, so accidental loss or deliberate theft could be quickly remedied.
We are entering a new era in the IoT ecosystem, and Truphone believes that as eSIM becomes the de facto connectivity, these benefits will be increasingly evident. Security comes from an ‘out of the box’ connectivity for eSIM IoT devices, from the continuous ability to track and manage connected devices.

Truphone operates a GSMA certified Remote SIM Provisioning (RSP) site in which operators around the world trust their operator credentials to allow network subscriptions to be provisioned over the air.
These operator relationships allow for the digitalization of the physical SIM card profile and forms part of an eSIM profile consisting of network identification, credentials and applications. Once provisioned, these profiles are stored securely and protected by FIPS 4 certified hardware security modules.
Truphone has created a secure environment that is certified against both the ISO 27001 and GSMA Security Accreditation Scheme (SAS) Standards and implements several best practices aligned with the OWASP IoT Security Guidance and IoT Security Compliance Framework.
It’s not just a small change in the IoT world. The eSIM will actively improve cybersecurity. On the very basics, it will practically remove all threats of device theft as there is almost no need for physical access to the device for connectivity purposes.
The removable nature of the SIM translates immediately into the risk of changing connectivity in one device from the original owner’s SIM to a new ‘owner’. Reselling stolen devices will be a hard task for thieves as in the moment an eSIM-enabled device is switched on it will have connectivity and could be instantly traced by the authorities or by the manufacturer.
This tracking capability would also be extremely useful on a larger, industrial scale. Vehicles, equipment, and any other hardware with eSIM connectivity would be locatable at all times, so accidental loss or deliberate theft could be quickly remedied.
We are entering a new era in the IoT ecosystem, and Truphone believes that as eSIM becomes the de facto connectivity, these benefits will be increasingly evident. Security comes from an ‘out of the box’ connectivity for eSIM IoT devices, from the continuous ability to track and manage connected devices.
Weekly Brief
Read Also
Asset Management in ongoing turbulent times - Communication remains key, but a sense of understanding and risk tolerance is vital
Hildur Eiriksdottir, Director Asset Management, Íslandsbanki
There is a storm coming in
Iacopo Ghisio, Head of Tech Innovation and Product at Gruppo Mutui online spa
Artificial Intelligence regulations and its impact on medical devices
Leo Hovestadt, Director Quality Assurance Elekta.
Will data protection law reform open the door to easier international data transfers?
Kitty Rosser, Legal Director, Head of Data Protection at Birketts
Put your Frontline Teams in the Driving Seat through a Personalized, Customer-Centric Approach
Tatiana Sorokina, Executive Director, Analytics Products, Novartis
Cybersecurity Enabled by Zero Trust
Raj Badhwar, Svp, Chief Information Security Officer, Voya Financial, Inc.

I agree We use cookies on this website to enhance your user experience. By clicking any link on this page you are giving your consent for us to set cookies. More info