The National Information Technology Development Agency (NITDA) has raised alarm over a newly discovered security vulnerability in embedded SIM (eSIM) cards, warning that the flaw could expose billions of smartphones, tablets, wearables, and Internet of Things (IoT) devices to large-scale cyberattacks.
According to the agency, the weakness stems from the GSMA TS.48 Generic Test Profile (version 6.0 and earlier), widely used in radio compliance testing of embedded Universal Integrated Circuit Card (eUICC) chips. More than two billion devices worldwide are believed to be at risk.
If exploited, the flaw could allow attackers to gain remote or physical access to devices, install malicious software, extract sensitive cryptographic keys, or even clone eSIM profiles. This raises the possibility of widespread interception of communications, device takeovers, and the installation of stealth backdoors at the SIM card level.
To contain the threat, device manufacturers and service providers have been urged to immediately deploy Kigen OS patches via over-the-air (OTA) updates. NITDA also advised stakeholders to adopt the latest GSMA TS.48 version 7.0 standard and eliminate legacy test profiles that could open the door to malicious applet installations. The agency stressed that urgent action is necessary to block exploitation paths, enforce updated controls, and protect users from what could become one of the most extensive cybersecurity threats in years.
Nigeria began its eSIM journey in 2020 after the Nigerian Communications Commission (NCC) approved MTN and 9mobile to run a one-year trial of the technology, with 5,000 eSIMs tested under strict regulatory conditions. Following the trial, both operators rolled out eSIM services commercially, allowing customers with compatible devices to switch from physical SIMs. Airtel later joined in January 2023.
While there is no official data on how many Nigerians currently use eSIM, the technology is gradually spreading across the country.
An eSIM, or embedded SIM, is a digital SIM card that functions like a physical SIM but is built directly into smartphones, wearables, and other devices. It is considered the future of mobile connectivity, offering flexibility and convenience since users no longer need to insert or swap SIM cards manually.