Cloudflare Launches New Security eSIM for Phone-Level Protection

Cloudflare today announced Zero Trust SIM, a security eSIM designed to provide phone-level protection and data privacy to smartphone users, corporations looking to secure their employees’ phones, and carriers selling data services.

Zero Trust SIM secures all data packets sent by a smartphone and is locked to the device it is assigned to as a countermeasure against SIM-swapping attacks. The eSIM can be used either in a standalone configuration or alongside Cloudflare’s mobile agent, WARP.

“Zero Trust SIM provides defense in depth. A VPN layer is one of those components, but doesn’t remove the need to still deploy cellular connectivity across all of your mobile devices today, and traditional ‘AnyConnect-style’ VPNs do nothing to stop attackers moving laterally once they’re inside the VPN,” Cloudflare CTO John Graham-Cumming said in a recent interview.

“We continue to see organizations breached due to challenges securing their applications and networks, and what was once a real-estate budget is quickly becoming a ‘secure my remote and distributed workforce’ budget from an IT security perspective.”

According to Graham-Cumming, Zero Trust SIM will enable Cloudflare to rewrite all DNS requests leaving a device to instead use Cloudflare Gateway for DNS filtering. In addition, the technology can also be used as another security factor. Combined with hardware keys, that would make it nearly impossible for bad actors to impersonate an employee.

Such measures are pretty pertinent right now, especially after popular ride-hailing platform Uber was recently hacked through a social engineering attack where the perpetrator obtained and used an employee’s credentials to gain access.

Cloudflare’s timing for Zero Trust SIM also lines up well with Apple’s push for eSIM in the U.S. with this year’s iPhone 14 and iPhone 14 Pro. The company will initially launch Zero Trust SIM as an eSIM product — first in the U.S. — but also plans to launch physical SIM cards for the service down the line.

“Our intent is to start in the U.S., but quickly work to make this a global service — running a global network is a core part of what we do,” Graham-Cumming told TechCrunch.

“Although we’re early in development here, we’re already working on parallel initiative in the industrial internet of things (IoT) space (e.g., vehicles, payment terminals, shipping containers, vending machines). The Zero Trust SIM is, itself, a foundational piece of technology that unlocks a lot of new use cases.”

Cloudflare did not reveal pricing for Zero Trust SIM but said that it will be treated as part of Cloudflare’s existing Zero Trust platform in terms of billing. Graham-Cumming added that Zero Trust SIM will be compatible with most devices at launch, which is planned for sometime in the next few months.

Alongside Zero Trust SIM, Cloudflare also announced Zero Trust for Mobile Operators. While Graham-Cumming didn’t divulge many details about it, he said Zero Trust for Mobile Operators will be a carrier partner program that will allow service providers to offer subscriptions to mobile security tools from Cloudflare’s Zero Trust platform.

Operators can start signing up for the Zero Trust for Mobile Operators program today for more information.

In addition, Cloudflare previewed IoT Platform — a new offering designed to help enterprises manage all their IoT devices from one place. IoT Platform will handle ordering, provisioning, and managing cellular connectivity and security for IoT devices.