eSIM Vulnerability in Kigen's eUICC Cards Exposes Billions of IoT Devices to Malicious Attacks
Jul 14, 2025
Mobile Security / Vulnerability
Cybersecurity researchers have discovered a new hacking technique that exploits weaknesses in the eSIM technology used in modern smartphones, exposing users to severe risks.

The issues impact the Kigen eUICC card. According to the Irish company's website, more than two billion SIMs in IoT devices have been enabled as of December 2020.

The findings come from Security Explorations, a research lab of AG Security Research. Kigen awarded the company a $30,000 bounty for their report.

An eSIM, or embedded SIM, is a digital SIM card that's embedded directly into a device as software installed onto an Embedded Universal Integrated Circuit Card (eUICC) chip. eSIMs allow users to activate a cellular plan from a carrier without the need for a physical SIM card.

eUICC software supports changing operator profiles, remote provisioning, and management of SIM profiles.

"The eUICC card makes it possible to install the so-called eSIM profiles into the target chi...