Why Are SIM Cards Still a Thing?
Cell phones have been revolutionized many times in 20 years, why have SIM cards stayed pretty much the same?
Image: MIKI Yoshihito/Flickr
On July 1, 1991, Harri Holkeri, then prime minister of Finland, called the vice-mayor of the city of Tampere in the world's first cell phone call on what was at the time a brand new, revolutionary mobile phone network known as GSM (Global System for Mobile Communications), now a standard all over the globe with more than 4.7 billion subscribers.
That call was made possible, in large part, by the world's first commercial model of the "Subscriber Identity Module," better known as SIM card: a gold-plated circuit chip that allows phones to securely connect to the network and identify themselves.
At the time of the first commercial GSM call, the hottest cell phone was "The Brick," made famous by the likes of Gordon Gekko or Saved By The Bell's Zack Morris. It's now been almost 25 years and cellphones have gone from unwieldy bricks that could only do one thing to shiny gadgets that can take pictures, play music, let us surf the internet, and get directions, on top of their supposed primary function: making phone calls. Compared to the phones themselves, the SIM has hardly changed at all, other than getting smaller and considerably harder to stick into the fidgety trays of whatever latest model of shiny gadget you own.
Given how much cell phones have evolved and changed, why do we still use this 25-year-old technology inside our phones?
SIMs have the vital role of making sure the person trying to use a cell phone to make a call is a legitimate subscriber. Translation: He or she is paying some carrier to connect to its cell phone towers, and nobody else is using the same number on the network.
To achieve those two goals, SIMs store two very important pieces of data: the IMSI, or International Mobile Subscriber Identity, a unique number associated with the subscriber; and the Authentication Key, or "Ki," a secret encryption key, which essentially allows the phone to perform a secret "handshake" with the network and make sure the carrier recognizes and verifies the phone, encrypting all data exchanged from then on.
"SIM cards have provided the same function for 25 years: authenticating a subscriber to a phone network," Karsten Nohl, a cryptographer and security researcher told me. "The need for this very basic function has remained through all phone generations, hence the SIM appears to never have changed. Under the hood, SIM cards do change with every technology generation, though."
With the switch from 2G to 3G SIM cards evolved to create longer and more secure keys, and with 4G they now can authenticate internet voice calls, or VoIP, calls too. Moreover, SIM cards can now also act as contactless cards, expanding their potential applications, Nohl explained.
The basic connectivity functions they provide to phones, however, don't really require a separate physical card like the SIM we've grown used to. This data could be programmed right into the device—and it's not even cutting edge technology. Sprint and Verizon, which use the GSM-alternative CDMA cell phone network, didn't use SIMs until very recently, when they had to go back to SIM cards for their 4G LTE networks. At the same time Apple and others have long been pushing for what's known as the eSIM, a reprogrammable SIM card that's embedded within cell phones themselves and cannot be removed.
That's why, for some, it's time for the SIM card to die.
"The fact is, the SIM could have been replaced long ago with a simpler alternative: typing in a user identifier and password directly into the phone is an option—just as we do to access WiFi," Markus Kuhn, a computer scientist at the University of Cambridge, wrote last year. "All that's needed is a new standard interface for mobile operating systems such as Android or iOS that would allow apps (software) to take over the functions of the SIM (hardware)."
For phone manufacturers like Apple, that'd be great news. It would allow the company to have complete control over all the hardware inside the phone (they could get rid of the SIM card tray, and have an easier time trying to make the phone water-proof). It would also take SIM makers and carriers out of the equation, making switching cell phone brands a little harder. In that future, to abandon the iPhone for an Android phone you'd probably need Apple's help to port your cell phone number, whereas now you can just take your SIM card and put it into your new phone (as long as the phone is unlocked).
For SIM manufactures and carriers, a switch would, obviously, be bad news, as consumers would now be able to more easily switch between carriers. In that future, you can now travel abroad, and log into the local cell phone network all from your phone, without having to go to a local store to subscribe to the network and get a physical SIM card.
So why isn't this the reality yet? The answer is complicated, but it boils down to the fact that there is no one stakeholder who can change the status quo by itself.
SIM cards are "a good example of an interdependent system that makes it difficult for anybody to change until everybody changes," Henning Schulzrinne, a professor of computer science at Columbia University, told me.
For Nohl, "the reasons are mostly political," given that we already have technology inside the phone to replace the SIM, but "mobile networks want to maintain a strong customer bond, however, and not leave the decision of which network is used purely to Apple. Hence, they insist on physical SIM cards."
For the system to change, carriers and manufacturers will have to work together and agree on what will be the next standard and that, according to Schulzrinne, might take years. So despite what some might have you believe, the SIM card isn't going anywhere, at least for now.
But that might be a good thing after all. Physical SIM cards make it pretty easy to use your phone with different carriers (which is especially convenient if you're travelling). And despite the infamous hack of the SIM card manufacturer Gemalto, where the NSA stole the SIM encryption keys to eavesdrop on phone calls, they're still up to the task of securing our phone calls.
"SIM cards are pretty secure compared to the phones they live in," Nohl said.
Looks like we'll have to deal with sticking those little gold-plated cards into frail, fidgety trays for a while longer.
Why Is This Still a Thing is a column exploring the anachronistic, seemingly-outdated technology that surrounds us. New columns appear every Friday.