Researchers Crack Security of eSIM Chips Found in Billions of Devices
A newly discovered vulnerability in widely used eSIM chips could put billions of phones and IoT devices at risk of being cloned or secretly tracked. Polish security researchers from Security Explorations uncovered a method to compromise Kigen’s eUICC chip, which stores digital SIM profiles for major carriers like AT&T, Vodafone, and T-Mobile.
By exploiting this flaw, the team managed to extract decrypted eSIM profiles, certificates, and cryptographic keys. With this information, attackers could potentially duplicate a SIM profile, intercept calls and messages, and remain undetected. Kigen’s chips are embedded in countless smartphones and connected devices worldwide.
Figure 1. eSIM Chips.
In response, Kigen acknowledged the issue, released a patch, and awarded the researchers a $30,000 bug bounty. However, the research team warned that the fix only added surface-level checks and didn’t fully address the root problem within the Java Card virtual machine that powers the chip.
The report also raises concerns about remote attacks. While Kigen insists physical access is needed to exploit the vulnerability, the researchers argue that remote protocols used for over-the-air eSIM updates could make remote attacks feasible, especially if private keys are leaked. Figure 1 shows eSIM chips.
In a demonstration, the team successfully cloned a live eSIM from Orange Poland and activated it on another device [1]. They believe similar methods could work against other carriers, given that eSIM profiles hold sensitive network configurations and security credentials.
Kigen’s chips support over two billion eSIM deployments globally. According to the researchers, unless the deeper flaws are properly fixed, millions of eSIM profiles could remain vulnerable. The team has notified GSMA and Oracle’s Java Card group about their findings. No specific smartphone brands were identified in the tests.
References:
- https://www.digitalinformationworld.com/2025/07/researchers-breach-esim-chip-used-in.html
Cite this article:
Keerthana S (2025), Researchers Crack Security of eSIM Chips Found in Billions of Devices, AnaTechMaz, pp.267















