
The National Information Technology Development Agency (NITDA) has issued a critical advisory regarding a significant security vulnerability in Embedded Universal Integrated Circuit Card (eUICC) eSIM technology. The flaw threatens billions of devices worldwide, affecting over 2 billion smartphones, tablets, IoT devices, and wearables. It arises from outdated security protocols in the GSMA TS.48 Generic Test Profile (versions 6.0 and earlier).
NITDA highlights that this vulnerability allows attackers with physical or remote access to exploit eSIM cards by installing malicious applets, extracting sensitive keys, and cloning eSIM profiles. The potential consequences include large-scale interception of communications and persistent control over affected devices, along with the deployment of stealthy backdoors that compromise user privacy and security.
To address this serious issue, NITDA recommends immediate action:
- Apply Kigen OS Patches: Device manufacturers should implement Kigen OS patches through over-the-air (OTA) updates to close potential exploitation paths and restore the integrity of eUICC technology.
- Adopt Updated Security Standards: Transitioning to GSMA TS.48 version 7.0 and removing all legacy test profiles is crucial to prevent malicious applet installation and reinforce security measures across all devices.
As reliance on connected devices continues to grow, NITDA emphasizes the urgency of addressing this vulnerability to safeguard Nigeria’s cyberspace and protect users from potential breaches.