Blog

How to Prevent SIM Card Misuse in IoT Devices

This is the fifth in a series of blog posts dedicated to the topic of IoT security to mark the launch of the EMnify Guide for Cellular IoT Security which you can download here. The previous post in this series included a useful video explaining how your IoT solution is secured with IoT cloud connectivity.

 

Cellular connectivity is a great way to connect your devices to an application in the cloud. The device works right away at the customer site without any additional network hardware and securely connects anywhere in the world. What’s more, including connectivity in your service offering also provides an additional customer-perceived value to your service delivery.

The previous blog post in this security series explained which cellular security features exist to prevent common IoT device malware attacks. This post will concentrate on the attacks that require physical access to the device. One concern most IoT solution manufacturers have relates to the SIM card – and the risk that it is taken out of device and misused by free riders to get unlimited cellular internet.  

Forum Blog post  


As explained in 
EMnify’s IoT device security guide, there are four security features that prevent SIM card misuse.  

1. Soldering SIM on the device - embedded SIMs 

One way to prevent SIM card misuse is by using embedded SIMs (MFF2). The SIM cards are soldered on the device and will break when removed. Additionally, embedded SIMs also have other desirable characteristics like vibration and shock resistance which is especially relevant for mobile IoT use cases 

2. IMEI lock  

The IMEI is the unique device identity number. By activating the IMEI lock feature, a SIM card will only function in the device it is assigned to. Best practice is to automatically lock the SIM card to the first device it connects to the network from, during the manufacturing process or at the customer siteIn the event the SIM card is put into a different device, it will be unable to connect to the network. 

3. Cellular Firewall  

A cellular firewall can prevent an attacker from misusing the IoT device itself for unwanted services. The firewall limits the IoT device’s communication to a set of whitelisted IP addressesmeaning a device can, for example, only communicate with the IoT application and other services required for proper operation.  

4. Service Limit  

As a last resort, one can configure a service limit per device to prevent unwanted and unexpected network cost due to SIM misuse. A level of legitimate network traffic is set for each month. If someone tampers with the device, and creates excess traffic to the application, the device will be blocked from service until further action within the service portal.  

Summary 

SIM card misuse can be cause for concern for IoT solution providers. Especially when deploying devices at scale, robust security features should be ensured to prevent SIM cards being moved from one device to another without permission. By using embedded SIM cards, automatic IMEI locks, cellular firewalls and service limits, IoT solution providers can guarantee that there are no cost surprises at the end of the month. To find out more about what cellular IoT best practices to consider for your business, download our new whitepaper 

 

The next post in this series explains how to prevent SIM card misuse in IoT devices.

 

What can your connectivity provider do for your device security? 

Check out our Guide for Cellular IoT Security
for 25+ best practices to ensure a secure IoT solution
for your business.
New call-to-action

Subscribe to the Blog

    Recent Posts