Hi Alan, > > My take on SIM PINs is that they are pointless. > > I would disagree somewhat. > > In an embedded environment they are of some value because > - the fs may well be crypted or otherwise protected and is probably on > flash > - the average car thief doesn't talk JTAG anyway > > The average car thief however does talk 'hammer and screwdriver' which > means that their ability to remove the SIM card is far higher than > their ability to extract a PIN from a lump of electronics buried > somewhere in a vehicle or other device. > > So I would disagree they are pointless merely imperfect as with all > security measures. And we can imagine a world in the future where the > crypto key to the fs on the car control system is contained in a > smartcard or is in a two wire chip buried in the ignition key ....[1] > > It's all a question of risk, ultimately yes a SIM PIN is imperfect on > any device because 'excuse me the object in front of you is an Uzi, I'd > like your phone and SIM code please' is going to be a failure case. > > That doesn't make it non-useful.
I can see where you are trying to go with this. Personally I think ensuring that the SIM card only works in that specific GSM unit by having some sort of IMEI check would be better. So having a way of using a "fixed" PIN might be desired for some special use case devices. However exposing this to other class of devices might be actually dangerous. Especially if people use their bank PIN as SIM PIN etc. Then access to the filesystem would reveal more personal information. Regards Marcel _______________________________________________ connman mailing list connman@connman.net http://lists.connman.net/listinfo/connman
