Monday, August 4, 2025

A Simple Chip, a Dangerous Flaw: Why eSIMs May Not Be as Secure as You Might Think


A security research lab has uncovered a serious vulnerability in an embedded SIM (eSIM) chip that could allow criminals and spies to take over a person’s mobile subscription. An attacker exploiting it could intercept calls and text messages, and could even permanently disable the chip itself. The findings, from Security Explorations, the research lab of AG Security Research, highlight a new risk for the growing number of devices that use eSIMs in place of traditional removable SIM cards.

The Flaw in the Chip

The problem lies in a widely used eUICC (embedded universal integrated circuit card, the chip that stores eSIM profiles) made by the company Kigen. The researchers found flaws that could be exploited to extract a person’s eSIM profile and spy on their communications. The vulnerabilities stem from older Java Card bugs that, according to Security Explorations, were never properly fixed; the lab argues that this kind of attack might have been prevented had Oracle taken its earlier Java Card bug reports more seriously. The lab has also built a tool to check whether an eSIM is vulnerable, though it currently works only with Kigen cards.


How the Hack Works

The attack begins with brief physical access to the target’s phone, during which the attacker extracts a key from the device. With that key in hand, the phone is no longer needed: the attacker can install a malicious application remotely, “over the air,” and fully compromise the chip’s security. Adam Gowdiak, the CEO of AG Security Research, explained that the vulnerability lets an attacker compromise a chip that was designed on the assumption that it could not be breached.

Serious Risks to Privacy and Security

The potential consequences are severe. An attacker can obtain the user’s eSIM profile, the credentials that authenticate the device to a mobile network. Sophisticated attackers, such as those working for a government, could then use that profile to eavesdrop on private communications. The research team demonstrated the danger by cloning an eSIM from a major mobile provider in Poland; once the clone was active, all of the original user’s calls and text messages were delivered to the attacker’s device instead. The research suggests that other mobile operators around the world are likely at risk as well.


Beyond Spying: Bricking Devices

The security firm also warned of other serious threats. An attacker could use the exploit to plant a hidden “backdoor” on an eSIM chip that neither the mobile operator nor the phone maker could detect. The exploit could also be used to permanently damage eSIM chips, a process known as “bricking”; Gowdiak noted that he damaged five cards during his work, demonstrating the potential for this kind of digital vandalism. The findings have been shared with both Kigen and the GSMA, the mobile industry’s trade association, so that they can address the issue.

Tarun Chhetri
