eSIM tech flaw exposes smartphones to serious hacking risks

As a tech journalist, Zul focuses on topics including cloud computing, cybersecurity, and disruptive technology in the enterprise industry. He has expertise in moderating webinars and presenting content on video, in addition to having a background in networking technology.

A security research team has found a flaw in eSIM tech that could let attackers install malicious code, steal operator secrets, and hijack mobile profiles – all without raising alarms.

The problem affects Kigen’s eUICC card, which powers digital SIMs in many phones and IoT devices. According to the company, more than two billion SIMs had been enabled by the end of 2020.

The issue was discovered by Security Explorations, a Polish research lab. Kigen confirmed the flaw and paid the group a $30,000 bug bounty.

eSIMs work without physical cards. Instead, the SIM is stored on a chip in the device – known as an eUICC – and lets users switch ...