Operator Lock-In for IoT Devices and How To Avoid It


If IoT is going to meet its potential and help power Industry 4.0, some aspects of IoT need to change. One major problem facing IoT solutions is SIM operator lock-in. When deploying a device with a SIM card, it’s standard to be locked into one connectivity provider.

Manually changing SIM cards is a way to avoid SIM operator lock-in. But IoT devices aren’t designed with replacing SIMs in mind. SIMs are often soldered onto devices and encased in plastic. Additionally, most IoT devices are in remote, hard-to-reach locales, making SIM swapping difficult.

To better future-proof your devices, it’s vital that you make sure SIM keys are your property when sourcing cellular IoT connectivity. When you control SIM keys for UICC SIMs, it’s possible to transfer operator credentials over the air (OTA).

Read on for information on how and why it’s important to eliminate vendor lock-in for cellular IoT devices.

What is SIM Operator Lock-In?

When you sign an agreement with a mobile network operator (MNO) or mobile virtual network operator (MVNO), a “vendor lock-in” clause is almost certainly included. A vendor lock-in in this case essentially means that the SIM cards you buy from the operator can only connect via their authority.

If you decide to change connectivity providers for your deployed fleet of devices, you must remove all SIM cards and put in new ones. In other words, the SIM cards you purchase are not completely yours.

Such lock-ins exist primarily for two reasons: operator codes and commercial decisions.

Operator Codes

One reason operators choose not to transfer ownership of SIMs is that they don’t want to expose sensitive credentials.

To transfer ownership of a SIM, you need to change the IMSI (International Mobile Subscriber Identity) on the SIM with an OTA update and give the new operator the derived operator code (OPc) and the encryption key (Ki) for each SIM.

Most (if not all) operators use a single Operator Code (OP) across all SIMs on their network.

OPs and the encryption keys (Ki) are used to create unique derived operator codes (OPc’s) for each SIM.

If a bad actor could obtain enough Ki’s and OPc’s, they would be able to figure out the operator’s OP. This information can be used to hack into other SIMs on that operator’s network. If this occurs, the network becomes vulnerable to DDoS attacks.

This security weakness is a big part of the reason why many operators will not hand over SIM keys.

Commercial reasoning

Operators don’t want to hand over SIM keys because they want to keep their customers.

In this scenario, it’s a commercial decision to not enable freedom to leave. Operators simply want to reduce customer churn by making it harder for a company to leave their service.

Because it costs a lot to change SIM cards on IoT devices by hand, you are less likely to leave.

What is Freedom to Leave?

Freedom to Leave is a concept in IoT that means companies have full control over SIM cards and how they work with operators. This is easiest to achieve when you own all of your SIM cards, including sensitive authentication credentials.

Operators who support Freedom to Leave will transfer SIM credentials (IMSI, OPc, and Ki) to a new provider.

Some IoT connectivity operators generate random Operator Codes (OPs) for each SIM. Therefore, bad actors would not be able to calculate a network-sensitive OP from OPc’s and Ki’s as it doesn’t exist. That’s why a few modern operators can hand over SIM keys without making themselves vulnerable to attacks.

What might surprise some people is that it has been possible to OTA update SIMs since 2003. You can read the original 3GPP overview here: Over-The-Air (OTA) technology – 3GPP TSG SA WG3 Security (PDF download).

What About eSIM (eUICC)?

Some of you might be thinking that eSIM (eUICC) offers a solution to the problem of SIM operator lock-in.

eSIMs allow users to remotely provision carrier profiles on SIMs. This means that the networks/carriers available on a SIM card can be updated OTA and there’s no need to manually swap SIMs.

However, there are still lock-ins when using eSIMs.

eSIMs (eUICC SIMs) require a record (ECASD) on them that contains details like the eSIM platform’s IP address. The ECASD is hardcoded onto SIMs and cannot be altered once it has been put in place.

So, your eUICC SIM will be locked to its first eSIM management platform, and as long as you use the SIM, you are stuck with the features—or lack thereof—of that platform.

Why is Freedom to Leave important?

We think Freedom to Leave is important because it will make it easier for IoT to flourish.

The ability to change operators 2, 5, and 10+ years after deploying devices opens up new possibilities in a solution’s lifetime and doesn’t artificially constrain commercial options.

Here is a summary of the 4 benefits of Freedom to Leave:

1) Improved Business Adaptability

Future-proof your business by having the ability to switch SIMs to another network operator. If an opportunity arises that requires the features of another provider, you should be able to change.

2) Enhanced Security Benefits for Devices

Operate your fleet with increased levels of protection against bad actors due to better SIM isolation. If a bad actor accesses sensitive information from one SIM, it won’t affect the rest of your fleet.

3) Lower Total Costs from SIM Card Replacement

Save money in the long run by reusing SIM cards on multiple devices. Not only will there be no need to purchase new SIMs, but there will also be no reason to replace them manually.

4) Less Waste and A Lower Carbon Footprint

Minimize your business’s footprint by reusing perfectly functioning technology. Rather than discarding or recycling deactivated SIM cards, use them as long as they can function.

Plan For An Uncertain Future

You want control of SIM cards because technology is rapidly changing and the best decision for your solution today may not be the same in 2, 5, or 10 years.

If you decide it makes sense to switch to a different network operator, modern operators should assist in transferring the SIM credentials to another GSMA-certified entity.

When SIM profiles are handed over, the new operator will update the credentials OTA on the SIM cards and devices so they can connect to their network.

Freedom to Leave, although simple, is a critical part of future-proofing your IoT solution.

Onomondo helps new and existing IoT solutions to grow with seamless, global cellular connectivity and innovative IoT tools. Future-proof your solution with full data transparency, unparalleled flexibility, and no third parties.