NITDA Raises Alarm Over Global eSIM Security Flaw Affecting Billions of Devices

The National Information Technology Development Agency (NITDA) has warned Nigerians of a critical security vulnerability affecting embedded SIM (eSIM) technology, which could expose over two billion devices worldwide to large-scale cyberattacks.

In a public advisory issued at the weekend, the agency said the flaw stems from the GSMA TS 48 Generic Test Profile (version 6.0 and earlier), commonly used in radio compliance testing of embedded Universal Integrated Circuit Card (eUICC) chips.

NITDA explained that the vulnerability could allow attackers to gain either physical or remote access to affected devices, enabling them to install malicious applets, extract sensitive cryptographic keys, and even clone eSIM profiles.

“If exploited, this flaw could result in large-scale interception of communications, persistent device control, and the deployment of stealth backdoors at the SIM card level,” the agency said.

Mitigation Measures

The agency urged device manufacturers and service providers to deploy Kigen OS patches through over-the-air (OTA) updates to secure affected eUICCs. Stakeholders were also advised to adopt the latest GSMA TS.48 version 7.0 standard and remove outdated test profiles to block malicious applet installations.

NITDA emphasised that swift action was critical to safeguard users from what could become one of the most far-reaching cybersecurity threats in recent years.

Nigeria’s eSIM Landscape

eSIM adoption in Nigeria began in 2020 when the Nigerian Communications Commission (NCC) approved MTN and 9mobile to conduct pilot trials involving 5,000 eSIMs under strict regulatory conditions. Both operators later rolled out the service commercially, with Airtel joining in January 2023.

While no official figures exist on the number of Nigerians currently using eSIM, industry experts see the technology as the future of mobile connectivity.

Unlike physical SIM cards, eSIMs are built into smartphones, wearables and IoT devices, offering consumers greater flexibility and freedom without the need for physical card swaps.