Nigeria’s technology regulator has warned that a newly uncovered weakness in embedded SIM (eSIM) technology could open the door to one of the most far-reaching cybersecurity threats in recent years.
The National Information Technology Development Agency (NITDA) disclosed that the flaw affects over 2 billion smartphones, wearables, tablets, and Internet of Things (IoT) devices worldwide. If exploited, attackers could remotely or physically hijack vulnerable devices, install hidden software, extract cryptographic keys, and even duplicate eSIM profiles.
Such access, experts say, could enable large-scale surveillance, communication interception, and the creation of invisible backdoors at the SIM card level.
The vulnerability stems from older versions of the GSMA TS 48 Generic Test Profile (6.0 and below), a standard used in testing eUICC (Embedded Universal Integrated Circuit Card) chips. Devices running on these outdated profiles remain highly exposed.
To counter the risk, NITDA urged manufacturers and network providers to quickly deploy Kigen OS patches through over-the-air (OTA) updates and adopt the updated GSMA TS.48 version 7.0 standard. Removing legacy test profiles, the agency stressed, is also crucial.
“The urgency of this fix cannot be overstated. Preventive measures are the only way to protect users from mass exploitation,” the agency cautioned.
Also see: Chukwueze Chase: Fulham Joins Turkish Giants in Pursuit of Star
Nigeria entered the eSIM space in 2020 after the Nigerian Communications Commission (NCC) approved MTN and 9mobile to run a year-long trial involving 5,000 users. Both later rolled out commercial eSIM services, with Airtel joining in January 2023.
While adoption figures remain unclear, the technology is increasingly popular among Nigerians using high-end smartphones.
Unlike traditional SIM cards that must be inserted manually, eSIMs are built directly into devices and can be activated digitally. This flexibility has made them attractive to both consumers and telecom providers — but as this latest warning shows, the technology’s convenience also introduces new risks.
