Critical eSIM Vulnerability in Kigen’s eUICC Cards Puts Billions of IoT Devices at Risk

Wednesday, July 16, 2025

Cybersecurity researchers from Security Explorations have disclosed a major vulnerability in eSIM technology used in Kigen’s eUICC cards, potentially exposing billions of IoT devices worldwide to malicious attacks. The flaw stems from the use of test profiles defined by the GSMA TS.48 standard (version 6.0 and earlier), which allows unauthorized applets to be installed on the eUICC chip without detection.

eSIM (embedded SIM) technology, powered by eUICC software, enables remote provisioning and management of mobile profiles. It’s widely adopted in smartphones and IoT devices due to its flexibility and convenience. However, this capability also presents a vulnerability: an attacker with physical access to a device and knowledge of publicly known keys could install malicious code, eavesdrop on communications, or even steal Kigen’s credentials to download mobile network profiles over unencrypted channels. The attacker could potentially manipulate or spoof profile states without detection from the mobile network operator.

While the attack requires several specific conditions, experts warn that it poses a serious threat if executed by nation-state-level actors, as it could enable stealthy backdoors that are extremely difficult to detect. Kigen has acknowledged the vulnerability and awarded a $30,000 bounty to Security Explorations for the responsible disclosure. The company has issued an advisory recommending the deprecation of legacy test profiles and urging a switch to TS.48 version 7.0, which includes enhanced security measures to limit test profile usage and better mitigate this threat.

Source: https://thehackernews.com/2025/07/esim-vulnerability-in-kigens-euicc.html