A critical vulnerability in eSIM technology, specifically in the Java Card Virtual Machine implementation, allowed attackers to clone mobile subscriber profiles and hijack phone identities. This vulnerability affected over 2 billion SIMs, enabling attackers to intercept calls, SMS, and two-factor authentication codes undetected. The issue has been patched, but the potential impact was significant.
Source: https://cybersecuritynews.com/esim-hack/
TPRM report: https://scoringcyber.rankiteo.com/company/kigen
"id": "kig329071125",
"linkid": "kigen",
"type": "Vulnerability",
"date": "7/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 'Major mobile network operators '
                                              'including AT&T, Vodafone, O2, '
                                              'Orange, and T-Mobile',
                        'industry': 'Telecommunications',
                        'name': 'Kigen',
                        'type': 'Company'}],
 'attack_vector': 'Java Card Virtual Machine implementation flaws',
 'data_breach': {'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Private ECC keys, eSIM profiles'},
 'description': 'A critical vulnerability in eSIM technology enables attackers '
                'to clone mobile subscriber profiles and hijack phone '
                'identities. AG Security Research revealed they broke the '
                'security of Kigen eUICC cards with GSMA consumer '
                'certificates, marking what they claim is the first successful '
                'public hack against consumer GSMA eUICC and EAL-certified '
                'GSMA security chips. The research team extracted private ECC '
                'keys from compromised eUICC cards and demonstrated the '
                'ability to download eSIM profiles from major mobile network '
                'operators in cleartext format.',
 'impact': {'brand_reputation_impact': 'Significant',
            'data_compromised': 'eSIM profiles, private ECC keys',
            'identity_theft_risk': 'High',
            'systems_affected': 'Kigen eUICC cards'},
 'initial_access_broker': {'entry_point': 'OTA channels or physical access',
                           'high_value_targets': 'eSIM profiles'},
 'lessons_learned': 'The importance of robust security measures in eSIM '
                    'technology and the need for continuous monitoring and '
                    'updates.',
 'motivation': 'Unauthorized access to eSIM profiles',
 'post_incident_analysis': {'corrective_actions': 'Implement type safety '
                                                  'checks, update security '
                                                  'specifications, and '
                                                  'distribute patches',
                            'root_causes': 'Java Card Virtual Machine '
                                           'implementation flaws'},
 'recommendations': 'Implement strong security checks, update security '
                    'specifications, and ensure timely patching of '
                    'vulnerabilities.',
 'references': [{'source': 'AG Security Research'}],
 'response': {'containment_measures': 'Security patches deployed, test '
                                      'profiles shut down',
              'remediation_measures': 'Type safety checks implemented, '
                                      'security bulletin issued'},
 'title': 'Critical Vulnerability in eSIM Technology Enables Phone Identity '
          'Hijacking',
 'type': 'Vulnerability Exploitation',
 'vulnerability_exploited': 'Type confusion vulnerabilities in Java Card'}