Hidden Threats in eSIM Technology: Researchers Warn of Spying, Cloning, and Permanent Damage Risks

Researchers have uncovered serious vulnerabilities in eSIM technology that could allow attackers to clone profiles, spy on users, and compromise device security through Java Card flaws.

Nowadays, smartphones and other connected smart devices are frequently equipped with embedded SIMs, or eSIMs. Unlike traditional physical SIM cards, eSIMs are integrated into the device itself. This allows you to swap networks and manage mobile connections without having to install a physical card. A key component of eSIMs is the eUICC, which allows users to store and manage several mobile profiles on a single device.

However, a recent study has raised serious questions regarding the security of these devices. Security Explorations, a Polish cybersecurity research lab, uncovered severe problems in the eSIM system, notably in a widely used product from the company Kigen, which is recognised for enabling billions of SIMs in devices.

The researchers discovered that someone with brief physical access to a device might extract secret keys from the eSIM. These keys might then be used to install malicious software on the chip. After that, the hacker would no longer require physical access and could send commands to the eSIM remotely. This opens the door to potentially harmful activities such as eavesdropping on calls and texts or even cloning an eSIM profile. In one test, the researchers were able to copy an eSIM from Orange Poland, causing all SMS and calls to be delivered to the attacker's phone rather than the original device. 

Even worse, hackers may be able to deploy secret backdoors or fully deactivate (brick) the eSIM chip. The risk is significant, particularly for high-profile targets or government users.

The main vulnerability appears to result from outdated flaws in Oracle's Java Card technology, which powers many eSIMs. Although these problems were discovered in 2019, they were not taken seriously. Their impact is already evident, and it might be extremely harmful. 

The study serves as a warning that as our devices become more advanced, keeping them secure becomes increasingly critical.

Information referenced in this article is from Security Week