The National Information Technology Development Agency (NITDA) has raised alarm over a serious security flaw in eSIM technology that could expose billions of devices to global cyberattacks.
In a statement released on Friday, the agency revealed that the vulnerability affects smartphones, tablets, wearables, and Internet of Things (IoT) devices worldwide. More than two billion devices may be at risk.
How the Flaw Works
According to NITDA, the threat comes from the use of the GSMA TS.48 Generic Test Profile (version 6.0 and earlier). These profiles are often used to test embedded Universal Integrated Circuit Card (eUICC) chips, which power eSIM technology.
If the flaw is exploited, attackers could gain remote or physical access to devices. This would allow them to “install malicious applets, extract sensitive cryptographic keys, and even clone eSIM profiles,” the agency warned. Such control could enable large-scale interception of communications, stealth backdoors at the SIM level, and persistent device hijacking.
What is at Stake for Nigerians?
eSIM, introduced in Nigeria in 2020 through a trial by MTN and 9mobile, has been seen as the future of mobile connectivity. Unlike physical SIMs, eSIMs are built directly into devices, offering flexibility and convenience.
However, with Airtel joining MTN and 9mobile in rolling out eSIM services last year, the number of Nigerians exposed to the flaw is growing, even though official adoption figures remain unavailable.
What Should Be Done
To protect users, NITDA has urged device makers and network providers to apply Kigen OS patches through over-the-air updates. Stakeholders are also advised to adopt the GSMA TS.48 version 7.0 standard and remove old test profiles that create entry points for attackers.
The agency stressed that urgent action is required. “Swift action is critical to blocking exploitation paths, enforcing updated security controls, and safeguarding users from what could become one of the most far-reaching cybersecurity threats in recent years,” NITDA stated.