NITDA warns of eSIM vulnerability exposing billions of devices to cyberattacks, calls for urgent patches to secure smartphones, wearables, and IoT devices
NITDA has warned of an eSIM vulnerability that could expose more than two billion devices worldwide to large-scale cyberattacks if left unpatched.
In a public alert issued on Friday, the National Information Technology Development Agency revealed that the flaw affects smartphones, tablets, wearables, and IoT devices using embedded SIM (eSIM) technology.
Attackers could exploit the weakness to hijack subscriber data, intercept communications, and deploy malicious applets.
The flaw stems from the GSMA TS 48 Generic Test Profile (versions 6.0 and earlier), widely used in compliance testing of eUICC chips.
If exploited, hackers could gain physical or remote access, clone eSIM profiles, extract cryptographic keys, and install backdoors at the SIM card level.
“This could enable persistent device control and mass interception of communications,” the agency warned, stressing that swift action is vital to prevent what may become one of the most far-reaching cybersecurity threats in years.
To mitigate risks, NITDA urged device manufacturers and service providers to deploy Kigen OS patches via over-the-air updates and adopt the latest GSMA TS 48 version 7.0 standard.
The agency further advised stakeholders to remove outdated test profiles that leave devices vulnerable.
eSIM technology, introduced in Nigeria through trials by MTN and 9mobile in 2020, has since expanded with Airtel joining in 2023. However, the number of Nigerians currently using eSIM remains unclear.