Date: 2025-08-23

The National Information Technology Development Agency (NITDA) has issued a public alert over a newly discovered critical security vulnerability in embedded SIM (eSIM) cards, warning that the flaw could expose billions of smartphones, tablets, wearables, and Internet of Things (IoT) devices worldwide to large-scale cyberattacks.

According to the agency, the flaw originates from the use of the GSMA TS.48 Generic Test Profile (versions 6.0 and earlier), which is widely deployed in radio compliance testing of eUICC (Embedded Universal Integrated Circuit Card) chips.

The vulnerability affects more than 2 billion devices globally and poses significant risks to communications security.

Possible impact

NITDA noted that if the vulnerability is exploited, attackers could gain physical or even remote access to targeted devices, enabling them to install malicious applets, extract sensitive cryptographic keys, and even clone eSIM profiles.

It added that this could lead to widespread interception of communications, persistent device control, and the deployment of stealth backdoors at the SIM card level.

To mitigate the risks, device manufacturers and service providers have been urged to immediately apply Kigen OS patches via over-the-air (OTA) updates to restore the integrity of affected eUICCs.

In addition, the agency advised stakeholders to adopt the latest GSMA TS.48 version 7.0 standard and remove all legacy test profiles that may expose devices to malicious applet installations.

NITDA emphasized that swift action is critical to blocking exploitation paths, enforcing updated security controls, and safeguarding users from what could become one of the most far-reaching cybersecurity threats in recent years.

eSIM in Nigeria

The eSIM journey in Nigeria started in 2020 with the Nigerian Communications Commission (NCC) approving MTN and 9mobile to commence a trial of the technology.

The trial was to run for one year and involved the two networks testing 5,000 eSIMs, subject to compliance with some regulatory conditions.

The two operators later became the first to launch eSIM in Nigeria, allowing their customers with compatible phones to do away with physical SIMs. In January 2023, Airtel joined MTN and 9mobile by launching its eSIM service.

However, there is no publicly available figure on the number of Nigerians currently using eSIM.

What you should know

An eSIM, or embedded SIM, is a digital SIM that gives customers the same functionality as a physical SIM.

It is seen as the next step in the evolution of Subscriber Identity Modules (SIM cards) as it is designed to deliver unprecedented freedom and flexibility.

Unlike the physical SIM, users do not need to insert an eSIM into their phone as it is already built into the smartphone, device or wearable.