NITDA Warns Nigerians of Major eSIM Security Flaw Affecting Billions of Devices
The National Information Technology Development Agency (NITDA) has raised alarm over a critical security flaw in embedded SIM (eSIM) technology, warning that it could expose billions of devices worldwide to cyberattacks.
In a statement on Friday, the agency explained that the vulnerability could allow hackers to hijack phone numbers, intercept private communications, and install malicious software on eSIM-enabled devices. More than two billion gadgets, including smartphones, tablets, wearables, and Internet of Things (IoT) devices are affected.
According to NITDA, the flaw is linked to the GSMA TS 48 Generic Test Profile (version 6.0 and earlier), which is widely used in testing eUICC (Embedded Universal Integrated Circuit Card) chips. If exploited, attackers could gain access to devices either remotely or physically, clone eSIM profiles, steal cryptographic keys, and potentially take full control of a user’s device.
“This vulnerability poses a significant risk to device integrity and user privacy. It could lead to persistent device control and interception of sensitive communications,” the agency warned.
eSIM technology was first introduced in Nigeria in 2020 during trials by MTN and 9mobile, with Airtel adopting it in 2023. While the technology offers greater flexibility than traditional SIM cards, the latest warning highlights growing cybersecurity risks.
To reduce exposure, NITDA urged device manufacturers and network operators to immediately deploy Kigen OS patches through over-the-air updates and upgrade to the latest GSMA TS.48 version 7.0 standard. The agency also advised the removal of outdated test profiles that could be exploited.
“The swift application of updated security controls is critical to safeguarding Nigerian users from what could become one of the most far-reaching cybersecurity threats in recent years,” the agency said.
Although official figures on eSIM usage in Nigeria are unavailable, experts say adoption is on the rise, making stronger cybersecurity measures increasingly urgent.