Afaik simcards run a simplified version of Java that has full hardware access and can be updated remotely. I don’t see how it can possibly get any worse than that.
Nope, they are computers that run a Java-based OS.
If we want to talk about smartcards in general (contactless, chip-based, dongle-based) some of them only store/retrieve data, some only store a single unchangeble identifier, but others like banking cards & transit cards tend to run a small operating system that you can talk to, and even run applications on.
With a cheap USB card reader, you can actually interact with the operating system on a chip-based bank card using Linux
I’m no expert in the matter however this is what I understand from it.
Chips like the one in your debit card are fully fledged computers and do run software. When you plug it into something it receives power and interfaces with the other system. That’s why it is secure, because like a pc it can use encryption etc.
Come to think of it, they must also be able to run with the low power provided by near field transmission, aka contactless payment.
Anyhoots the same kinda chip is on a simcard.
As far as I understand it they run a more limited version of Java, has full access to your hardware including being able to read all memory, and being updatable remotely.
You might also be interested to know that modern hardware commonly has such secondary computers with full access built in. Take the intel management engine for example, which is part of every modern intel cpu. However there are privacy oriented companies that disable these.
The real question is who has access to these things and what are their interests. It might not necessarily be a malevolent actor. It’s one of the challenges of our time to answer questions related to these topics.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !privacyguides@lemmy.one
In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.
This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.
You can subscribe to this community from any Kbin or Lemmy instance:
Check out our website at privacyguides.org before asking your questions here. We’ve tried answering the common questions and recommendations there!
Want to get involved? The website is open-source on GitHub, and your help would be appreciated!
This community is the “official” Privacy Guides community on Lemmy, which can be verified here. Other “Privacy Guides” communities on other Lemmy servers are not moderated by this team or associated with the website.
Moderation Rules:
We prefer posting about open-source software whenever possible.
No soliciting engagement: Don’t ask for upvotes, follows, etc.
Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
Be civil, no violence, hate speech. Assume people here are posting in good faith.
Don’t repost topics which have already been covered here.
News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
No help vampires: This is not a tech support subreddit, don’t abuse our community’s willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
No misinformation: Extraordinary claims must be matched with evidence.
Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.
Afaik simcards run a simplified version of Java that has full hardware access and can be updated remotely. I don’t see how it can possibly get any worse than that.
It doesn’t have full hardware access, it’s sandboxed.
I’m no expert in the matter, I learned it from a def con-like talk.
Nvm that may be a GrapheneOS only thing, idk
Well if it’s anything like the IME then you can disable it on a hardware level, and an OS wouldn’t have any control over it.
What do you mean by simcards “run”? I thought they only stored data?
Nope, they are computers that run a Java-based OS.
If we want to talk about smartcards in general (contactless, chip-based, dongle-based) some of them only store/retrieve data, some only store a single unchangeble identifier, but others like banking cards & transit cards tend to run a small operating system that you can talk to, and even run applications on.
With a cheap USB card reader, you can actually interact with the operating system on a chip-based bank card using Linux
I’m no expert in the matter however this is what I understand from it.
Chips like the one in your debit card are fully fledged computers and do run software. When you plug it into something it receives power and interfaces with the other system. That’s why it is secure, because like a pc it can use encryption etc.
Come to think of it, they must also be able to run with the low power provided by near field transmission, aka contactless payment.
Anyhoots the same kinda chip is on a simcard.
As far as I understand it they run a more limited version of Java, has full access to your hardware including being able to read all memory, and being updatable remotely.
You might also be interested to know that modern hardware commonly has such secondary computers with full access built in. Take the intel management engine for example, which is part of every modern intel cpu. However there are privacy oriented companies that disable these.
The real question is who has access to these things and what are their interests. It might not necessarily be a malevolent actor. It’s one of the challenges of our time to answer questions related to these topics.
Yeah I knew about nfc. That’s kinda wild. Didn’t realize it could actually process anything on card.
It is called Java Card https://www.oracle.com/java/java-card/