LaF0rge<p>Very interesting applied security research into the <a href="https://chaos.social/tags/GSMA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GSMA</span></a> <a href="https://chaos.social/tags/eSIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eSIM</span></a> universe, specfically the use of the JavaCard VM with its questionable security architecture depending on an off-card bytecode verifier in the context of the eUICC which inherently contains eSIM profiles of different [competing] mobile operators, each of which can install arbitrary Java applets into the same eUICC. <a href="https://chaos.social/tags/GSM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GSM</span></a> <a href="https://chaos.social/tags/3GPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>3GPP</span></a> <a href="https://chaos.social/tags/cellular" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cellular</span></a> <a href="https://chaos.social/tags/simcards" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>simcards</span></a> <br><a href="https://security-explorations.com/esim-security.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">security-explorations.com/esim</span><span class="invisible">-security.html</span></a></p>