The National Information Technology Development Agency (NITDA) has alerted Nigerians to a critical security vulnerability affecting embedded SIM (eSIM) technology, which experts warn could compromise devices and communications worldwide.
In a statement on Friday, the agency said the flaw allows attackers to potentially hijack phone numbers, intercept communications, and deploy malicious applets on eSIM-enabled devices. The vulnerability affects more than two billion devices globally, including smartphones, tablets, wearables, and Internet of Things (IoT) gadgets.
The flaw stems from the use of the GSMA TS 48 Generic Test Profile (versions 6.0 and earlier), widely employed in radio compliance testing of eUICC (Embedded Universal Integrated Circuit Card) chips. NITDA noted that if exploited, attackers could gain physical or remote access to devices, install malicious applets, extract cryptographic keys, or even clone eSIM profiles.
“This vulnerability poses a significant risk to device integrity and user privacy. It could lead to persistent device control and interception of sensitive communications,” the agency said.
eSIM technology, which allows devices to function without a physical SIM card, was introduced in Nigeria in 2020 through trials by MTN and 9mobile, with Airtel joining in 2023. The technology offers flexibility and convenience, but the NITDA warning underscores the need for users and service providers to act swiftly.
To mitigate the risks, NITDA urged device manufacturers and service providers to deploy Kigen OS patches via over-the-air (OTA) updates and adopt the latest GSMA TS.48 version 7.0 standard. The agency also advised the removal of legacy test profiles that could be exploited for malicious activity.
“The swift application of updated security controls is critical to safeguarding Nigerian users from what could become one of the most far-reaching cybersecurity threats in recent years,” the statement added.
While no official data exists on the current number of eSIM users in Nigeria, the alert emphasises the importance of cybersecurity vigilance as adoption of digital SIM technology continues to grow.
(Guardian)
