eSIM Vulnerability Exposed: Polish Researchers Reveal Major Security Flaws
23rd July 2025
Polish cybersecurity experts uncover major flaws in eSIM technology, showing how hackers could exploit the chip to clone SIMs, intercept calls, and access sensitive data remotely.
eSIM May Not Be as Secure as You Think, Say Polish Cyber Experts
eSIM technology—once hailed as a breakthrough in mobile connectivity—may not be as secure as previously believed. A team of Polish researchers has uncovered critical vulnerabilities in the chip responsible for storing eSIM profiles, exposing billions of devices to potential security threats, including SIM cloning, message interception, and remote hacking.
Security Flaws in eSIM Chips Raise Alarms Globally
Researchers from Poland’s Security Exploration team have successfully hacked the Kigen eUICC chip, which manages eSIM profiles on a vast range of devices, from smartphones to industrial Internet of Things (IoT) systems. The discovery marks a significant moment in mobile cybersecurity, calling into question the long-assumed safety of embedded SIM technology.
The team reportedly extracted sensitive digital certificates and decrypted eSIM profiles—components essential to authenticating a user’s mobile identity. These findings suggest that the data stored on eSIM chips, thought to be secure, can in fact be accessed and manipulated by skilled attackers.
What Makes eSIMs Vulnerable to Attacks?
Unlike traditional SIM cards, eSIMs are embedded directly into devices via a programmable chip called an eUICC (Embedded Universal Integrated Circuit Card). The main advantage is flexibility: users can switch between mobile operators without replacing a physical card. However, this same convenience may also be its Achilles’ heel.
The Polish researchers warn that if a hacker successfully clones an eSIM profile, they can effectively hijack a user’s mobile identity. This would allow them to read text messages, intercept phone calls, and even gain access to one-time passwords (OTPs), potentially bypassing two-factor authentication systems.
More alarmingly, the team claims that not all vulnerabilities require physical access to the device. Certain flaws, they say, can be exploited remotely over a network—significantly increasing the threat level for users worldwide.
Billions of Devices Potentially at Risk
The implications of the research are far-reaching. Billions of devices—from smartphones to smart cars and connected appliances—rely on eSIM technology to stay connected. A breach in this infrastructure could pose a major challenge to mobile operators, tech manufacturers, and security professionals globally.
While the Kigen eUICC chip was the specific target in this case, the findings raise broader questions about the robustness of eSIM security standards and the need for more rigorous testing and safeguards.
eSIM Security Under Scrutiny as New Threats Emerge
The revelation by Polish cybersecurity researchers serves as a stark reminder that even the most advanced technologies can carry hidden risks. As eSIM adoption continues to rise, ensuring its resilience against cloning, interception, and remote attacks will be critical. For now, the message is clear: eSIM may be convenient, but its security may not be as ironclad as we once believed.