Privacy

39915 readers

502 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

eSIM Vulnerability in Kigen's eUICC Cards Exposes Billions of IoT Devices to Malicious Attacks (thehackernews.com)

submitted 2 days ago by mas@jlai.lu to c/privacy@lemmy.ml

1 comments fedilink hide all child comments

New eSIM vulnerabilities in Kigen eUICC cards expose billions of IoT devices to potential cyberattacks.

top 1 comments

sorted by: hot top controversial new old

[–] mic_check_one_two@lemmy.dbzer0.com 5 points 1 day ago* (last edited 1 day ago)

Successful exploitation requires a combination of specific conditions. An attacker must first gain physical access to a target eUICC and use publicly known keys," Kigen said. "This enables the attacker to install a malicious JavaCard applet."

If an attacker has physical access, they can do whatever the fuck they want with the device. All bets are off.

If I had physical access to a server, I could just fucking drop in my own hard drive full of malware if I wanted to. It doesn’t matter how good the security software/firmware is on the server, when I can physically remove that software/firmware and substitute my own. That doesn’t mean every single server is “exposed to malicious attacks” as is colloquially known.