- An eSIM test profile used by billions of devices contained a serious flaw
- It allowed attackers with physical access to install applets
- A fix is now available, so users should update now
Security researchers have discovered a vulnerability in eSIM technology used in almost all smartphones and many other internet-connected smart devices.
In theory, the flaw could have been abused to intercept or manipulate communications, extract sensitive data, inject malicious applets, and more.
More than two billion eSIM-capable devices could potentially be affected by the flaw, including smartphones, tablets, wearables and countless IoT devices based on Kigen eUICC technology.
Bug update
The bug allowed anyone with physical access to an affected device to install custom programs (applets) without having to prove they were not malicious.
Discovered by Security Explorations, a research lab of AG Security Research, the bug was found in the GSMA TS.48 Generic Test Profile (v6.0 and earlier), a standardized eSIM profile used for testing and device certification, particularly for devices with non-removable embedded SIMs (eUICCs).
In other words, it was found in a test version of a SIM profile, one used only to check whether a device works correctly.
Kigen has released a fix to mitigate the problem, with the GSMA TS.48 v7.0 specification being the first clean version; the company says the fix has already been distributed to all customers.
The silver lining is that the bug was neither simple nor easy to exploit. Besides physical access to the device or the eUICC, an attacker would also need a way to trigger activation of the test mode. Furthermore, the device would have to be using unprotected legacy test profiles with the RAM keys still intact.
The Kigen patch and the GSMA TS.48 v7.0 update now block access to the RAM key in the default test profiles, prohibit Java Card applet installation entirely on profiles in test mode, randomize the keys for future RAM-capable tests, and harden the operating system against unauthorized remote loading. An attack should now be practically impossible to carry out.
Security Explorations was awarded $30,000 for its findings.
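The following is an added illustrative model of the policy change described above, written for this article; it is not Kigen's or the GSMA's code. It contrasts a legacy test-profile loader, which accepts an applet install from anyone who presents the profile's (published) RAM key, with a hardened loader that refuses applet installs on test-mode profiles, never accepts a default key, and issues random per-profile keys. `Profile`, `DEFAULT_RAM_KEY` and the function names are assumptions for the example; the real TS.48 key material is not reproduced.

```python
from dataclasses import dataclass
import secrets

# Hypothetical placeholder standing in for a fixed, publicly known RAM key
# (constructed for this example; not the real TS.48 value).
DEFAULT_RAM_KEY = b"\x00" * 16


@dataclass
class Profile:
    name: str
    test_mode: bool   # True for a TS.48-style generic test profile
    ram_key: bytes    # Remote Application Management key for applet loading


def legacy_install_applet(profile: Profile, presented_key: bytes) -> bool:
    """Pre-fix behavior: whoever holds the RAM key may load an applet.

    With a default key baked into the test profile, physical access plus
    test-mode activation is all that stands between an attacker and a load.
    """
    return secrets.compare_digest(profile.ram_key, presented_key)


def hardened_install_applet(profile: Profile, presented_key: bytes) -> bool:
    """Post-fix behavior modeled on the TS.48 v7.0 changes.

    - Java Card applet installation is refused outright on test-mode profiles.
    - A default (known) RAM key is never honored, on any profile.
    - Otherwise the presented key must match the per-profile random key.
    """
    if profile.test_mode:
        return False
    if secrets.compare_digest(profile.ram_key, DEFAULT_RAM_KEY):
        return False
    return secrets.compare_digest(profile.ram_key, presented_key)


def randomized_ram_key() -> bytes:
    """Replace a fixed, published key with a fresh random one per profile."""
    return secrets.token_bytes(16)


def audit_default_test_keys(profiles: list) -> list:
    """Defender's check: names of test-mode profiles still carrying the default key."""
    return [
        p.name
        for p in profiles
        if p.test_mode and secrets.compare_digest(p.ram_key, DEFAULT_RAM_KEY)
    ]


if __name__ == "__main__":
    # Constructed sample profiles for a stand-alone run.
    legacy_test = Profile("generic-test-v6", True, DEFAULT_RAM_KEY)
    production = Profile("operator-profile", False, randomized_ram_key())
    print("legacy loader accepts default key on test profile:",
          legacy_install_applet(legacy_test, DEFAULT_RAM_KEY))
    print("hardened loader accepts default key on test profile:",
          hardened_install_applet(legacy_test, DEFAULT_RAM_KEY))
    print("profiles still shipping the default test key:",
          audit_default_test_keys([legacy_test, production]))
```

The `audit_default_test_keys` helper is the piece a fleet owner would actually run against an inventory of profile descriptors: any test-mode profile that still matches the known default key is one the patch has not yet reached.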
Via The Hacker News