A new security flaw in eSIM technology is making headlines across the cybersecurity world. The vulnerability, found in Kigen's eUICC (embedded SIM) cards, puts billions of smartphones, wearables, and IoT devices at risk of being attacked, cloned, or remotely accessed.
The flaw lies in the Java Card virtual machine, the software platform that runs applets inside these eSIM chips. According to the researchers, a long-known class of bugs in this virtual machine lets a malicious applet escape the VM's type-safety checks and read or write memory it should never reach, which in turn can be used to install unauthorized applications directly onto the chip. Such applets could allow attackers to spy on users, hijack phone functions, and steal mobile identities.
Researchers from Security Explorations, a well-known security firm, discovered the issue. They showed that it could be exploited through older versions of the GSMA TS.48 Generic Test Profile. These older test profiles ship with publicly known over-the-air (OTA) keys and permit remote applet installation, so they lack the protections needed to stop malicious applets from being loaded onto the eSIM.
To carry out the attack, an attacker first needs brief physical access to the phone or device. Using the publicly known keys of the test profile, they can load an applet that exploits the Java Card bug and reads out the eUICC's private key and certificate, the credentials that identify the chip to mobile operators' provisioning systems. With those credentials in hand, the attacker can obtain profiles issued for that eUICC and install further malicious code over the air (OTA), so physical access to the device is never needed again.
Once installed, these malicious programs can steal sensitive information, such as the device's mobile identity, or clone the entire eSIM profile onto another device. That cloned device can then receive the victim's calls, texts, and SMS two-factor authentication codes without the victim noticing.
This vulnerability is especially serious because Kigen's technology is shipped in more than 2 billion devices globally, including not just smartphones but also IoT gadgets, connected cars, and wearables. Since eSIMs are soldered into the device, fixing the problem is not as simple as swapping out a SIM card.
The issue has roots going back to 2019, when Security Explorations first reported similar Java Card bugs to Oracle and other vendors. At the time, the bugs were dismissed as low risk. Now that a working attack against a production eUICC has been demonstrated, it is clear that the threat was more serious than many believed.
Kigen, the company whose chips are affected, has confirmed the problem and issued a patch. The company rated the issue as "medium severity" but still awarded a bug bounty to the researchers. The GSMA, which maintains the SIM and eSIM specifications, has also updated its test profile specification so that test profiles no longer rely on fixed, publicly known OTA keys or allow remote applet installation, closing off this attack path going forward.
Experts say that while the attack requires technical skill and a short window of physical access, it would be very valuable to advanced threat actors such as government surveillance agencies or well-funded cybercriminal groups. Once the attack is complete, it is almost impossible for an average user to tell that their eSIM has been compromised.
The good news is that the flaw can be fixed. Kigen has released an OS patch for its chips that can be delivered over the air, and mobile operators are being urged to check their provisioning systems for test profiles that still use known keys or allow remote applet installation. Device makers are also being advised to support the new, safer versions of the test profile.
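The check operators are being urged to run comes down to two settings on every provisioned profile: are the OTA keys fixed, public values, and can OTA commands still install applets? The script below, an added example written for this article and not code from Kigen, the GSMA, or Security Explorations, audits a set of profile records for that weak combination and shows the hardened form (per-profile random keys, remote applet installation disabled). The field names, the ICCID, and every key value are constructed placeholders; no real TS.48 key material is reproduced.

```python
"""Audit eUICC profile/OTA settings for the weak configuration described
in the article: publicly known OTA keys combined with remote applet
installation left enabled.

Added example, not vendor or GSMA code. All key values, record fields and
ICCIDs are constructed for illustration.
"""
from dataclasses import dataclass
import secrets

# Constructed stand-ins for key values that are printed in a public test
# specification and therefore must never protect a live eUICC.
KNOWN_PUBLIC_KEYS = {
    bytes.fromhex("00112233445566778899aabbccddeeff"),
    bytes.fromhex("000102030405060708090a0b0c0d0e0f"),
}


@dataclass(frozen=True)
class ProfileRecord:
    iccid: str                 # profile identifier (constructed value)
    kic: bytes                 # OTA ciphering key
    kid: bytes                 # OTA integrity (MAC) key
    ram_install_allowed: bool  # may OTA commands load/install applets?


def weak_key(key: bytes) -> bool:
    """A key is weak if it is publicly known, shorter than 128 bits,
    or made of a single repeated byte (a common test-profile pattern)."""
    return key in KNOWN_PUBLIC_KEYS or len(key) < 16 or len(set(key)) == 1


def audit(rec: ProfileRecord) -> list[str]:
    """Return findings for one profile; an empty list means no issue found."""
    findings = []
    kic_weak, kid_weak = weak_key(rec.kic), weak_key(rec.kid)
    if kic_weak:
        findings.append("KIC is a known or weak test key")
    if kid_weak:
        findings.append("KID is a known or weak test key")
    if rec.ram_install_allowed:
        findings.append("remote applet installation enabled")
    # The dangerous case is the combination: anyone holding the public keys
    # can push an applet onto the chip over the air.
    if rec.ram_install_allowed and (kic_weak or kid_weak):
        findings.append("CRITICAL: public OTA keys + remote applet install")
    return findings


def harden(rec: ProfileRecord) -> ProfileRecord:
    """Return a copy with fresh per-profile random keys and RAM disabled."""
    return ProfileRecord(
        iccid=rec.iccid,
        kic=secrets.token_bytes(16),
        kid=secrets.token_bytes(16),
        ram_install_allowed=False,
    )


# Constructed sample: a pre-hardening style test profile.
SAMPLE_WEAK_PROFILE = ProfileRecord(
    iccid="89000000000000000001",
    kic=bytes.fromhex("00112233445566778899aabbccddeeff"),
    kid=bytes.fromhex("000102030405060708090a0b0c0d0e0f"),
    ram_install_allowed=True,
)


def audit_all(records: list[ProfileRecord]) -> dict[str, list[str]]:
    """Map ICCID -> findings, keeping only profiles with at least one finding."""
    return {r.iccid: f for r in records if (f := audit(r))}


if __name__ == "__main__":
    for iccid, findings in audit_all([SAMPLE_WEAK_PROFILE]).items():
        print(iccid)
        for f in findings:
            print("  -", f)
    fixed = harden(SAMPLE_WEAK_PROFILE)
    print("after hardening:", audit(fixed) or "no findings")
```

The key heuristics in `weak_key` are deliberately simple; a real provisioning audit would compare against the operator's own inventory of test keys rather than a two-entry set. The point the example makes is that either fix alone (rotating keys or disabling remote applet installation) removes the critical finding, and the hardened profile passes with neither.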
As a regular user, there are a few things you can do to protect yourself. Avoid using SMS for sensitive two-factor authentication where possible, and use an authenticator app or a hardware security key instead. Keep your device's software up to date, and avoid handing it over to people you do not trust.
In short, this eSIM bug is a serious reminder that even our most trusted technologies can hide vulnerabilities. While the average person may not be targeted, the sheer number of affected devices means the whole industry must act on it, quickly and thoroughly.
Stay alert, and keep your security measures updated!
Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news