Kigen eUICC eSIM Vulnerability Exposes Billions of IoT Devices to Security Risks
Cybersecurity experts have identified a new technique that exploits weaknesses in eSIM technology, posing severe risks for users of modern smartphones and IoT devices.
The vulnerability affects the Kigen eUICC card. Kigen, an Ireland-based firm, reports that over two billion SIMs for IoT devices have been deployed since December 2020.
This discovery comes from Security Explorations, a division of AG Security Research, which received a $30,000 bounty from Kigen for reporting the issue.
An eSIM (embedded SIM) is a digital SIM card integrated as software on an Embedded Universal Integrated Circuit Card (eUICC) chip. eSIMs enable device users to activate cellular plans without using a physical SIM card, supporting remote provisioning, operator profile changes, and SIM management.
Security Explorations states, “The eUICC card allows the installation of eSIM profiles into the chip. These profiles are software forms of mobile subscriptions.”
Kigen’s advisory explains the vulnerability exists in the GSMA TS.48 Generic Test Profile up to version 6.0, which is used for radio compliance testing of eSIM products. GSMA TS.48 v7.0, released recently, addresses the problem by restricting test profile use; prior versions are now deprecated.
The flaw enables installation of unverified, potentially malicious applets. Kigen adds, “Successful exploitation requires specific conditions: attackers must have physical access to the target eUICC and use public keys, allowing installation of a malicious JavaCard applet.”
Further, the exploit can enable attackers to extract the Kigen eUICC identity certificate, making it possible to download arbitrary operator profiles in cleartext, access operator secrets, and manipulate profiles without being detected by mobile network operators.
Security Explorations’ findings build on their 2019 research into Oracle Java Card vulnerabilities, which could allow persistent backdoors in the card. One of these vulnerabilities affected Gemalto SIMs, which use Java Card tech.
The weaknesses allow attackers to “break memory safety of the Java Card VM,” gain full access to card memory, bypass applet firewalls, and possibly achieve native code execution. Oracle, however, claimed the concerns didn’t impact their production Java Card VMs, but Security Explorations now says these are “real bugs.”
While the attacks may seem difficult, capable nation-state actors could realistically carry them out, enabling compromise of eSIM cards and deployment of undetectable backdoors that intercept all communications.
Security Explorations adds, “A single compromised eUICC or GSMA certificate theft can be used to access (and download in plaintext) eSIMs from any operator, which is a major weakness in eSIM architecture.”
The issue could let attackers change a downloaded profile so operators lose remote control or the ability to disable it. Operators may receive a false view of the profile status or activity, which could be fully monitored by attackers.
About Kigen eUICC
Kigen is a leading provider of eUICC (embedded Universal Integrated Circuit Card) solutions, powering secure and flexible connectivity for billions of IoT devices worldwide. The Kigen eUICC is an advanced embedded SIM technology designed to replace traditional plastic SIM cards, allowing devices to be remotely provisioned and managed over-the-air. This technology enables manufacturers and service providers to deploy devices globally, supporting multiple network standards such as 2G, 3G, 4G, 5G, NB-IoT, and LTE-M.
The Kigen eUICC is typically delivered as a soldered chip (MFF2), built for durability and reliability in challenging environments. It offers a reduced bill of materials and eliminates the need for SIM trays, making it ideal for compact and industrial IoT applications. Security is a core focus, with Kigen’s eUICC certified to high industry standards and offering robust protection against tampering and unauthorized access.
Kigen’s eUICC solutions have been adopted across sectors including logistics, utilities, smart metering, asset tracking, and more. The platform supports large-scale deployment, seamless remote SIM provisioning, and lifecycle management, giving enterprises and mobile network operators the flexibility and control required for modern IoT rollouts.