Ethical Hacking News
Researchers have discovered a severe vulnerability in eSIM technology, which could potentially compromise billions of IoT devices. The Kigen eUICC card has been found to be susceptible to malicious attacks, posing a significant threat to global cybersecurity.
Over two billion SIMs in IoT devices are susceptible to malicious attacks due to a vulnerability in eSIM technology. A flaw in the GSMA TS.48 Generic Test Profile allows for the installation of non-verified and potentially malicious applets. Capable nation-state groups could exploit this vulnerability to compromise billions of IoT devices. The latest version of the TS.48 specification has mitigated the problem, but earlier versions remain vulnerable.
A recent discovery has exposed a severe vulnerability in eSIM technology, which could potentially compromise billions of IoT devices. The Kigen eUICC card, used in various smartphones and other devices, has been found to be susceptible to malicious attacks. According to the Security Explorations research lab, more than two billion SIMs in IoT devices have been enabled as of December 2020, making this a significant threat to global cybersecurity.
The eSIM technology allows users to activate cellular plans from a carrier without the need for a physical SIM card. This digital SIM card is embedded directly into a device as software installed onto an Embedded Universal Integrated Circuit Card (eUICC) chip. The eUICC card offers features such as remote provisioning, management of SIM profiles, and the ability to change operator profiles.
However, this innovative technology also comes with its own set of risks. Researchers from Security Explorations discovered that a vulnerability in the GSMA TS.48 Generic Test Profile, versions 6.0 and earlier, allows for the installation of non-verified and potentially malicious applets. This could enable attackers to install a malicious JavaCard applet, which would grant them access to sensitive information.
The vulnerability is rooted in the specification's restriction on using test profiles. The latest version of the TS.48 specification, GSMA TS.48 v7.0, released last month, mitigates this problem by restricting the use of the test profile. However, versions 6.0 and earlier are still vulnerable to exploitation.
To exploit this vulnerability, an attacker would need to gain physical access to a target eUICC card and use publicly known keys to install a malicious JavaCard applet. This could allow attackers to compromise an eSIM card and deploy a stealthy backdoor, effectively intercepting all communications. The downloaded profile can be potentially modified in such a way that the operator loses control over the profile, or the operator can be provided with a completely false view of the profile state.
The company Kigen has issued an advisory stating that the vulnerability is significant and could expose users to severe risks. According to their report, this eSIM architecture weak point constitutes a major concern for the security of IoT devices worldwide.
Security experts have warned that capable nation-state groups could potentially exploit these weaknesses in eUICC cards to compromise billions of IoT devices. The attacks might sound prohibitive to execute, but they are well within the reach of capable nation-state groups. This vulnerability highlights the need for increased awareness and vigilance among device manufacturers, operators, and consumers when it comes to cybersecurity.
In conclusion, this recent discovery underscores the importance of monitoring eSIM technology for vulnerabilities and taking proactive measures to mitigate potential risks. As devices become increasingly connected and interdependent, it is crucial that we prioritize security and collaborate to create a safer digital landscape.
Related Information:
https://www.ethicalhackingnews.com/articles/eSIM-Vulnerability-Threatens-Billions-of-IoT-Devices-A-New-Frontier-for-Malicious-Attacks-ehn.shtml
https://thehackernews.com/2025/07/esim-vulnerability-in-kigens-euicc.html
Published: Mon Jul 14 04:09:52 2025 by llama3.2 3B Q4_K_M
