Fact-checked by Grok 2 weeks ago

Personal unblocking key

A Personal Unblocking Key (PUK) is an eight-digit security code unique to each in mobile networks using SIM cards, such as those based on and its successors, designed to restore access to the after it locks due to three consecutive incorrect attempts. This code, provided by the , enables users to reset the PIN and unblock the SIM, but entering an incorrect PUK ten times results in permanent SIM blockage, requiring a replacement. The PUK serves as a critical safeguard against unauthorized access, forming part of the SIM's layered authentication system alongside the PIN. Introduced as an integral component of the first SIM cards with the rollout of technology in 1991, the world's first digital cellular standard developed by the , the PUK emerged to support secure subscriber authentication. Early SIMs, produced by companies like , incorporated the PUK in specifications such as 11.11. Over time, as mobile networks evolved from to and beyond, the PUK mechanism persisted in SIM and embedded SIM () architectures, adapting to support features like remote provisioning while maintaining its core unblocking function. In practice, users obtain the PUK from their carrier's documentation, such as the SIM packaging or online account portals, as it is not stored on the device itself to prevent easy extraction. The PUK remains a foundational element in global , protecting billions of -enabled devices.

Overview

Definition

The Personal Unblocking Key (PUK) is an 8-digit numeric code that serves as a security feature for subscriber identity modules () in mobile networks, specifically designed to unblock a SIM after multiple failed attempts to enter the associated (PIN). This code, also referred to as a PIN Unblocking Key or Personal Unlock Code (PUC), represents the same unblocking mechanism in specifications. Each PUK is uniquely assigned to an individual SIM card by the mobile network operator, ensuring tailored protection for that specific module. Its application is scoped to SIMs used in GSM, UMTS, and LTE networks, encompassing both physical SIM cards and embedded SIM (eSIM) variants that adhere to compatible standards.

Purpose

The Personal Unblocking Key (PUK) serves as a critical for Subscriber Identity Module () cards in mobile networks, enabling users to reset a locked PIN after multiple incorrect entry attempts, thereby preventing permanent disablement of the SIM while upholding access controls. Defined in standards, the PUK allows authorized users to unblock the SIM and set a new PIN, ensuring continued access to network services without compromising the integrity of the authentication process. This function addresses the SIM locking , which activates after typically three failed PIN attempts to protect sensitive subscriber data such as the (IMSI). In the context of layered authentication, the PUK acts as a secondary security barrier that reinforces the primary PIN by requiring a unique, provider-issued code—usually an 8-digit sequence—that only the legitimate subscriber or operator possesses. This design ensures that even if an attacker gains physical possession of the and exhausts the limited PIN attempts, they cannot easily regain access without the PUK, thereby limiting unauthorized use of the device for calls, , or messaging. The PUK's immutability and specificity to each enhance user and prevent casual exploitation, as outlined in USIM application characteristics. By deterring brute-force attacks on the PIN through this escalation to a harder-to-guess secondary key, the PUK contributes significantly to overall mobile , balancing with robust protection against unauthorized access attempts. This approach avoids immediate SIM deactivation, which could inconvenience legitimate users, while imposing a higher computational and logistical barrier for adversaries attempting systematic PIN cracking. Such layered defenses are integral to the framework for securing mobile subscriber identities and transactions.

Technical Functionality

Relationship to PIN

The Personal Identification Number (PIN), also known as the Card Holder Verification code (CHV), is a user-configurable security feature on the consisting of 4 to 8 decimal digits (0-9). It serves as the initial access code required each time the is powered on or the is inserted, preventing unauthorized use of the SIM in case of loss or theft. The PIN is verified through the VERIFY CHV command sent to the SIM, which compares the entered code against the stored value; a successful verification grants access to the SIM's functions and resets the attempt counter. The PIN and the Personal Unblocking Key (PUK) are directly interconnected through the SIM's security mechanism to enforce escalating protections. If the PIN is entered incorrectly three consecutive times, the SIM enters a blocked state, denying all access and requiring the PUK for . In this scenario, the PUK— an 8-digit recovery code—must be entered via the UNBLOCK CHV command, which also allows the user to specify a new PIN simultaneously. Upon successful PUK verification, the SIM unblocks, the PIN attempt resets to three, and the new PIN takes effect, restoring normal operation. However, the PUK introduces its own failure threshold to prevent brute-force attacks: incorrect PUK entries increment a separate , and after ten consecutive failures, the is permanently disabled, rendering it unusable without replacement from provider. This linkage ensures that while the PIN provides everyday protection, the PUK acts as a controlled with stricter limits, balancing and security as defined in the specifications.

Unlocking Procedure

When a detects that the has been locked due to multiple incorrect PIN entries—typically three failed attempts—it displays a prompt requesting the entry of the Personal Unblocking Key (PUK). This 8-digit numeric code must be entered carefully, as it is hidden during input for security and verified by the SIM using the UNBLOCK CHV command (or equivalent UNBLOCK PIN in later standards), which also incorporates the new PIN. Upon successful PUK verification, the SIM unblocks, the new PIN is set as the active security code, and full access to network services—including calls, text messages, and data connectivity—is restored immediately. For embedded SIMs (eSIMs), the unlocking procedure follows the same verification and PIN reset steps but is initiated through the device's settings or a network provider's dedicated application, eliminating the need for physical SIM handling. The must clearly indicate which eSIM profile is being accessed during PUK entry to avoid confusion in multi-profile environments.

Acquisition Methods

From SIM Packaging

The Personal Unblocking Key (PUK), a unique 8-digit code associated with each , is commonly provided on the physical packaging supplied at purchase. It is typically printed on the back of the plastic holder or tray in which the is embedded, often alongside the PIN code. In some cases, the PUK may be located on an accompanying leaflet or booklet included with the packaging. This physical presentation allows users immediate access without needing external assistance, though the code is intended for one-time reference. Safe storage of this packaging is crucial, as the PUK is revealed only once and the materials are frequently discarded after SIM insertion into a device. Users are advised to retain the holder or leaflet in a secure to avoid future retrieval challenges. Earlier SIM card designs often displayed the PUK visibly on the plastic holder for straightforward access. In contrast, modern packaging from many carriers incorporates security features such as scratch-off labels covering the PUK, requiring gentle removal with a coin or to reveal it and prevent unauthorized viewing.

From Network Provider

Users seeking to retrieve a forgotten Personal Unblocking Key (PUK), an 8-digit code associated with their , can contact their network provider through official channels such as hotlines, mobile apps, or online portals. This process typically requires of the user's and to ensure , often involving provision of details like the device's (IMEI) number, the user's personal identification, or login credentials tied to the . Online portals generally employ secure methods, such as two-factor authentication (2FA), to sensitive information like the PUK. For physical SIM cards without retained packaging, or for embedded SIM (eSIM) activations which lack physical packaging, the PUK is typically provided digitally by the carrier at setup, such as in an order confirmation , notification, or . For instance, customers can access their PUK by signing into the My or as the owner or manager, navigating to the device overview, and selecting the option to view the PIN and Personal Unblocking Key under device management. Similarly, users log into their overview, proceed to the My wireless section, select the relevant device under My devices & add-ons, and choose to manage the device to retrieve the PIN Unlock Key (PUK). In international contexts, such as , subscribers can dial the toll-free IVR number 199 from another number to navigate the menu and obtain the PUK directly.

Security and Risks

Consequences of Incorrect PUK Entry

Entering an incorrect Personal Unblocking Key (PUK) multiple times triggers escalating security measures on the SIM card, with the number of remaining attempts typically displayed after each failed entry. According to GSM Association test specifications, the SIM card permits up to 10 incorrect PUK attempts before permanent deactivation. After the 10th failed attempt, the SIM becomes irreversibly locked, rendering it completely unusable for any mobile services, including calls, texts, or data access, and necessitating a full replacement from the network provider to restore functionality. This permanent lock poses a significant risk of data loss for information stored directly on the SIM card, such as contacts and SMS messages that users may have chosen to save there rather than on the device or in the cloud. Once the SIM is deactivated and replaced, access to this on-card data is no longer possible, though modern smartphones often mitigate this through automatic cloud backups via services like iCloud or Google Contacts, preserving synced information. Financially, obtaining a replacement SIM incurs direct costs from the provider, typically ranging from $5 to $20 depending on the carrier and plan type—for instance, $9.95 from Mint Mobile or around $10 from T-Mobile prepaid services—along with potential indirect expenses from service interruption, such as lost productivity during the 3-5 business days required for delivery and activation. Additionally, users must verify their identity with the provider to reassign the original phone number to the new SIM, which may involve further administrative fees in some cases.

Protection Measures

To safeguard the Personal Unblocking Key (PUK), users should store it in secure locations separate from the SIM card or device, such as encrypted digital password managers or masked physical notes that obscure the full code (e.g., recording it as fragmented digits resembling a phone number or coordinates). Avoid writing the PUK near the SIM card, like in a wallet or on the device itself, to prevent easy access during theft. Users must never share the PUK via , , or any digital means, as these channels are vulnerable to interception or unauthorized access. One alternative to mitigate PUK-related lockout risks is disabling the PIN entirely through device settings, such as on by navigating to Settings > Cellular > PIN and toggling it off, which eliminates the need for PIN entry and thus prevents accidental PUK activation. However, this increases vulnerability in theft scenarios, as a stolen can be inserted into another device without , potentially allowing unauthorized calls, texts, or two-factor authentication bypasses. Carriers provide user education on recognizing phishing attempts that target PUK codes, such as fraudulent messages or calls claiming urgent SIM issues and requesting the code for "," advising users to verify directly through channels without sharing sensitive details. These advisories emphasize ignoring unsolicited requests and contacting the provider via known secure methods to avoid scams that could lead to SIM permanent lock after multiple incorrect PUK entries.

History and Standards

Origins in GSM

The Personal Unblocking Key (PUK) was introduced in the GSM Phase 1 specifications developed by the as an integral component of the Subscriber Identity Module () authentication framework, enabling secure user verification in the emerging digital cellular system. This framework aimed to establish robust identity protection for mobile subscribers transitioning from insecure analog networks, where cloning and unauthorized access were prevalent due to the lack of tamper-resistant hardware like the . Designed specifically to mitigate PIN vulnerabilities—such as repeated incorrect entries leading to permanent lockout—without compromising overall integrity, the PUK provided a secondary layer for in the SIM's architecture. The first commercial deployment of PUK-enabled occurred in with the launch of Europe's inaugural networks, including Radiolinja in , marking the practical realization of these specifications in operational mobile services. The foundational standard for the PUK is ETSI TS 11.11, which details the SIM-Mobile Equipment (ME) interface and explicitly defines the PUK (Personal Unblocking Key) and PUK2 as the unblocking codes for the cardholder codes CHV1 (user PIN) and CHV2 (administrative PIN), respectively, enabling reset of blocked access to SIM functions under controlled conditions. This definition ensured interoperability across early implementations, with the PUK stored securely on the , separate from the primary key used for subscriber during challenges.

Evolution in Modern Networks

As mobile networks evolved from GSM to UMTS, the Personal Unblocking Key (PUK) mechanism transitioned from the Subscriber Identity Module () to the Universal Subscriber Identity Module (USIM) housed within the Universal Card (UICC). In specifications, PUK was defined as an 8-digit to unblock the after multiple failed PIN attempts, with a limit of 10 tries before permanent deactivation, as outlined in ETSI TS 51.011. This core functionality persisted in , with equivalents such as the unblocking keys for CHV1/PIN1 and CHV2/PIN2—known as PUK and PUK2—integrated into USIM to reset blocked personal identification numbers, ensuring compatibility with legacy devices while supporting enhanced authentication protocols like UMTS AKA. The TS 31.102 specifies that these unblocking procedures require administrative access conditions and are invoked via the AUTHENTICATE command, maintaining the security balance between user verification and . In 4G networks, the USIM architecture remained the standard, with PUK unblocking unchanged in principle to support seamless migration from . The mechanism continued to protect against unauthorized access by locking the USIM after three incorrect PIN entries, requiring the PUK for reset, as detailed in updated versions of TS 31.102. This consistency facilitated global , though additional USIM files for LTE-specific features, such as EPS location information, indirectly bolstered PUK's role in securing broader subscriber data. No fundamental alterations to the PUK procedure were introduced, prioritizing stability over redesign in line with 3GPP's backward-compatibility mandates. The rollout of New Radio (NR) further embedded PUK within the evolving UICC framework, adapting it to support 5G-specific authentication like while retaining the traditional unblocking process for CHV codes. In 5G deployments, PUK ensures resilience against brute-force attacks on user-level security, with the same 8-digit format and attempt limits, as affirmed in Release 15 and later specifications. This evolution emphasizes integration with advanced network slicing and , where USIM-protected keys like PUK contribute to end-to-end security without altering the user-facing procedure. A significant adaptation in modern networks is the incorporation of PUK into embedded Universal Integrated Circuit Card () technology for , enabling remote provisioning. GSMA standards define PUK as the PIN Unblocking Key within profile packages, allowing operators to deliver and manage it over-the-air during eSIM activation, which supports dynamic switching in 5G ecosystems. This shift from physical to virtual profiles reduces hardware dependencies while preserving PUK's role in mitigating lockout risks, as specified in SGP.22. Overall, PUK's persistence across generations underscores its proven efficacy in balancing accessibility and security amid network advancements.

References

  1. [1]
    [PDF] GSM 11.11 - ETSI
    This GTS defines the interface between the Subscriber Identity Module (SIM) and the Mobile Equipment. (ME) for use during the network operation phase of GSM as ...
  2. [2]
    https://www.htc.com/us/contact/productissue/htc/GUID-4DAE187C-A9DC-497E-8683-03F81206E77F/
  3. [3]
    SIM PINs and PUK codes: What are they? - Ting Internet Help Center
    A PUK (Personal Unlocking Key) is an 8-digit code that unlocks your SIM if the PIN has been entered incorrectly three times.
  4. [4]
    Apple iPhone - Unblock SIM PIN - Verizon
    The PIN Unblocking Key (PUK) is utilized to reset a blocked SIM card. Before proceeding, do one of the following depending on your type of service: Standard ...<|control11|><|separator|>
  5. [5]
    https://www.verizon.com/support/knowledge-base-206981/
  6. [6]
    PUK Code | How to find it and unlock your phone - Uswitch
    May 15, 2025 · Personal unlocking keys (PUKs) are needed when you've locked yourself out of your phone, or you want to switch from specific networks. Written ...
  7. [7]
    PUK code unlock | T-Mobile Support
    If a SIM PIN security code has been entered incorrectly multiple times, the SIM will lock and require you to enter a PUK code to use your device again.
  8. [8]
    [PDF] ETSI TS 151 011 V4.14.0 (2005-03)
    This document specifies the Subscriber Identity Module (SIM) interface for mobile equipment in a digital cellular telecommunications system (Phase 2+).
  9. [9]
    What Is A PUK Code? - SimOptions
    Jun 1, 2021 · PUK stands for Personal Unlocking Key. It is an eight-digit code that is used to unlock a locked SIM card. If unfortunately, you forgot your PIN ...
  10. [10]
    How to Unlock Your SIM/eSIM with a PUK Code | Rocket Mobile FAQs
    A PUK (Personal Unblocking Key) is an 8-digit code used to unblock a SIM card if you enter the wrong 4-digit SIM PIN three times.
  11. [11]
    https://www.3gpp.org/ftp/Specs/html-info/31102.htm
  12. [12]
    [PDF] Topics in Cell Phone Security - UC Berkeley EECS
    Aug 16, 2014 · SIM lock implementations typically in- clude countermeasures against unlock code brute-forcing, such as a maximum number of tries, or a ...
  13. [13]
    [PDF] GSM 11.11 - ETSI
    This GTS defines the interface between the Subscriber Identity Module (SIM) and the Mobile Equipment. (ME) for use during the network operation phase of GSM as ...
  14. [14]
    [PDF] ETSI TS 131 113 V7.0.0 (2007-06)
    ETSI TS 131 113 V7.0.0 is a technical specification for Universal Mobile Telecommunications System (UMTS) and USAT interpreter byte codes.
  15. [15]
    [DOC] TS.37-v11.0-Requirements-for-Multi-SIM-Devices.docx - GSMA
    When asking the user to enter a PUK code, the interface SHALL state which SIM is being accessed. ... For each SIM normal 3GPP selection procedures apply. User ...
  16. [16]
    3 ways to get the PUK code of your SIM card - Digital Citizen
    Sep 26, 2025 · If you can't see the PUK on the back, you might have to reveal it. Look for a scratchable area on the back of the plastic card, as seen on the ...Missing: 2010 | Show results with:2010
  17. [17]
    Best Methods Get PUK Code without Calling Customer Service 2025
    Get PUK Code from the SIM Card Packaging​​ In some cases, the PUK code might be hidden under a scratch-off panel. If so, simply use a coin, key, or other metal ...
  18. [18]
    My Verizon Website - Locate the SIM PIN / PUK
    If your SIM card is locked and you're unable to make or receive calls or connect to internet, here's how to find the SIM unlock PIN / PUK.
  19. [19]
    Enter PUK Code - AT&T Wireless Customer Support
    Jan 14, 2025 · Go to your account overview and open the My wireless section. · Scroll to My devices & add-ons and choose the device that needs a PUK code.Missing: ETSI | Show results with:ETSI
  20. [20]
    Sim personal unblocking key - GlobaleSIM
    Don't panic! The PUK code is like a master key designed to unlock your eSIM in such situations. Once you enter the correct PUK code, your eSIM will be unlocked, ...
  21. [21]
    How do I get my PUK number? - Vodafone Idea
    You can dial 199(toll free IVR) from another Vi number to navigate the menu and retrieve your PUK code to unblock your SIM.
  22. [22]
    Protecting Consumers from SIM-Swap and Port-Out Fraud
    Dec 8, 2023 · We decline to restrict the use of SMS-based customer authentication for SIM change requests, but we strongly encourage wireless providers to use ...
  23. [23]
    [PDF] FCC-23-95A1.pdf
    Nov 16, 2023 · We decline to restrict the use of SMS-based customer authentication for SIM change requests, but we strongly encourage wireless providers to use ...
  24. [24]
    PUK and SIM error troubleshooting | T-Mobile Support
    If a SIM PIN security code has been entered incorrectly multiple times, the SIM will lock and require you to enter a PUK code to use your device again.
  25. [25]
    [DOC] TS11V44-Annex-D-RAT-INDEPENDENT-40-59.docx - GSMA
    PIN lock is enabled. PUK is blocked (e.g. enter wrong PUK 10x when trying to unlock PUK). -. Test procedure. Expected behaviour. 1. Restart DUT. PUK blocked ...
  26. [26]
    How Do I Get a Replacement SIM - Mint Mobile
    Note: a replacement SIM card costs $9.95 and takes approximately 3-5 business days to receive, or you can switch to an eSIM in minutes if your device is ...
  27. [27]
    T-Mobile® SIM Card: Prices, 1 Colors, Sizes, Features & Specs
    14-day returnsOur most comprehensive plan includes: Replacement for loss & theft; Unlimited accidental damage claims; $0 Repairs for cracked front screens ...
  28. [28]
    PIN and PUK codes: Security recommendations - ID.ee
    Your certificates, ie your electronic identity, are protected for as long as your PIN and PUK codes don't fall into the wrong hands along with your card.
  29. [29]
    Use a SIM PIN for your iPhone or iPad - Apple Support
    Mar 31, 2025 · Turn your SIM PIN on or off · If you have an iPhone with a single SIM card or eSIM, go to Settings > Cellular > SIM PIN. If you have an iPhone ...
  30. [30]
    Preventing SIM Swapping and Port-out Scams [Updated] - Aura
    May 1, 2025 · The simplest way is to set a SIM PIN, enable number transfer protection with your carrier, and use an authenticator app instead of SMS for 2FA.Steps To Prevent Sim Swap... · 3. On T-Mobile · Inside A Sim Swap Attack<|separator|>
  31. [31]
    SIM Swap Scams: How to Protect Yourself | Consumer Advice
    Oct 23, 2019 · Set up a PIN or password on your cellular account. This could help protect your account from unauthorized changes. Check your provider's website ...Missing: PUK | Show results with:PUK
  32. [32]
    [EPUB] The Creation of Standards for Global Mobile Communication - ETSI
    A selection was made for the service opening in 1991. This set of specifications was called GSM Phase 1. It contained the new radio subsystem, the new core ...Missing: PUK | Show results with:PUK
  33. [33]
    [PDF] The GSM Standard (An Overview of its Security) - GIAC Certifications
    At this point, you'll have to contact your cellular provider who can unblocked your mobile phone, by entering an eight digit Personal Unblocking Key (PUK), ...
  34. [34]
    Our history - About Us - GSMA
    1982 Groupe Speciale Mobile (GSM) is formed by the Confederation of European Posts and Telecommunications (CEPT) to design a pan-European mobile technology.Missing: PUK | Show results with:PUK
  35. [35]
    [PDF] GSM 11.11 - Version 5.0.0 - ETSI
    GSM 11.11 is a specification for the Subscriber Identity Module (SIM) interface in a digital cellular telecommunications system (Phase 2+).