Consider how someone could clone your phone’s eSIM, read your texts, or steal your two-factor authentication codes without ever touching your phone. This isn’t a story about the future. Recently, researchers identified a severe security hole in embedded SIM technology. What was once a significant advancement in convenience has now become a gateway for hackers to surveil millions of devices worldwide.
What truly went down?
In July 2025, Security Explorations, a cybersecurity research organization from Poland, uncovered a big problem with eSIM technology. Newer smartphones use eSIMs, which are built-in SIM cards, instead of regular SIM cards. The eSIM profiles are kept safe on dedicated chips called eUICCs, which use Java Card technology to manage and verify user identities on mobile networks. Some of these chips, especially the ones developed by Kigen, are to blame: they had security holes from 2019 that were never adequately patched.
The researchers demonstrated that attackers could exploit these flaws to remotely install malicious software applets on eUICC chips. They might achieve this by sending SMS provisioning messages over the air or by gaining brief physical access to the device. Once inside, attackers could copy the eSIM profile, which holds all the identity and authentication keys, to another device. The attacker can then access calls, SMS, and two-factor authentication codes from this cloned eSIM without the user knowing.
How did this breach happen? How the Workflow Works
Here is how the exploit works, step by step:
The first thing you should know is that Kigen’s eUICC chips employ obsolete Java Card technology that has security flaws. People found these issues in 2019, but they were never completely patched; thus, they are still around today.
The next step for the attacker is to gain the chip’s authentication keys. This can happen if the attacker can get to the device for a short time or if the server that controls these keys is hijacked.
Once they have these keys, attackers can use the SMS-PP or OTA provisioning protocols to remotely install a malicious Java applet on the eUICC chip. This applet acts like malware on the chip, bypassing the usual security safeguards.
After the attacker installs this malicious applet, they can copy the eSIM profile by stealing the user’s private keys and personal information. The applet can also deliver profile installations to a device that the attacker has access to.
Finally, when the clone is running, the attacker can listen in on all communication, including phone calls, text messages, data, and even codes for two-factor authentication. The original device continues to function normally, making it difficult to detect the attack.
Who attacked?
The most crucial point is that this attack was not carried out by a group of hackers trying to obtain your information. Adam Gowdiak runs Security Explorations, a well-known cybersecurity research business that uncovered and presented the attack. The researchers conducted this work responsibly to demonstrate that eSIM security is not flawless and to encourage manufacturers and carriers to address the issues.
Kigen makes the chips that are affected. Kigen’s eUICC chips power over two billion devices globally. These include smartphones, tablets, smart automobiles, and Internet of Things devices. The researchers received a $30,000 bug bounty from Kigen, which suggests that Kigen treated the issue seriously.
At the time, no hackers or criminals had exploited this issue. But now that the detailed approach is out in the open, anybody with malicious intentions could use it as a weapon in the future. This information is important for everyone.
Impact and Financial Effects
Let me explain why this is vital for everyone, even if you don’t know it yet.
It would be unsettling for most individuals to wake up and realize that someone else had acquired their two-factor authentication codes or critical calls. Hackers might break into your email, bank accounts, social media, and even apps you use for work. The scary issue is that you might not discover it until your accounts are emptied or hacked.
Because of this issue, hackers can steal sensitive information, including trade secrets, contracts, and private emails, without anyone knowing. This is bad news for organizations, especially executives who use eSIM-enabled handsets. These types of breaches can lead to financial losses, damage reputations, and erode trust.
The hazards also affect people who work for the government, diplomats, journalists, and human rights campaigners. Hackers could make copies of the victims’ phones to snoop on them without being present in person.
We don’t know how much these hacks cost, but they might get you in trouble with rules like the GDPR in Europe, the Federal Communications Commission in the U.S., and India’s TRAI rules. It affects more than simply money; it also undermines democracy, free speech, and people’s safety.
Learn to recognize when someone is attacking you
If you use an eSIM-enabled gadget like a phone, tablet, smartwatch, or smart car and your carrier employs Kigen chips, you could be at risk.
Here are some things to watch out for:
• Messages or reminders from your carrier about eSIM activations that you don’t want
• Network problems or SIM swaps that happen without your permission
• Text messages that don’t come on time or at all, especially two-factor authentication codes
• Notifications concerning new eSIM profile installations that you didn’t ask for
It’s challenging to find the clone because the original SIM keeps working normally and the clone does nothing. Most of the time, you need support from your carrier to look at provisioning logs and see if any new profiles have been created.
How to Stay Safe
Here is a short list of things you can do to keep safe:
• Always keep your device and carrier settings up to date with the newest fixes.
• Don’t use Wi-Fi networks that are public or that you don’t know to set up or manage your eSIM.
• Stop using SMS for two-factor authentication and start using apps or hardware tokens instead.
• Check your carrier account often for any unusual activity or changes to your profile.
• Ask your mobile provider if they use Kigen eUICC chips and if they have installed any updates.
• Use tight security on your devices, such as encryption, PIN codes, and fingerprint locks.
• You might want to use a VPN to keep your internet traffic safe.
• Find out how eSIM provisioning works so you can recognize things that don’t seem right.
• If you are in charge of IT for a business, review the provisioning logs periodically and make sure that hardware security modules are used to keep keys safe.
• To stay up to speed, read official GSMA advisories and updates from trusted security research groups.
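The provisioning-log review mentioned under the warning signs and in the checklist item for IT teams can be partly automated. The following is an added example, not code from the original article or from any carrier: it assumes a hypothetical CSV log layout and constructed records, and flags profile installs with no linked request and profiles that are enabled on more than one chip at once.

```python
import csv
import io
from collections import defaultdict

# Constructed sample log. The column layout is hypothetical, not a GSMA or
# carrier format: time, event, ICCID (profile), EID (chip label), request id.
SAMPLE_LOG = """\
2025-07-10T08:00:00Z,PROFILE_INSTALL,8901000000000000001,EID-A,REQ-1001
2025-07-10T08:00:05Z,PROFILE_ENABLE,8901000000000000001,EID-A,REQ-1001
2025-07-11T09:30:00Z,PROFILE_INSTALL,8901000000000000002,EID-B,REQ-1002
2025-07-11T09:30:04Z,PROFILE_ENABLE,8901000000000000002,EID-B,REQ-1002
2025-07-12T02:14:00Z,PROFILE_INSTALL,8901000000000000001,EID-X,
2025-07-12T02:14:09Z,PROFILE_ENABLE,8901000000000000001,EID-X,
2025-07-13T10:00:00Z,PROFILE_DISABLE,8901000000000000002,EID-B,REQ-1003
"""

FIELDS = ["time", "event", "iccid", "eid", "request_id"]


def audit_provisioning_log(text):
    """Return findings for unrequested installs and profiles live on two chips."""
    findings = []
    enabled_on = defaultdict(set)  # ICCID -> EIDs where the profile is enabled
    for row in csv.DictReader(io.StringIO(text), fieldnames=FIELDS):
        iccid, eid = row["iccid"], row["eid"]
        if row["event"] == "PROFILE_INSTALL" and not row["request_id"]:
            # No subscriber or helpdesk request is linked to this install.
            findings.append(("UNREQUESTED_INSTALL", iccid, eid, row["time"]))
        if row["event"] == "PROFILE_ENABLE":
            enabled_on[iccid].add(eid)
            if len(enabled_on[iccid]) > 1:
                # The original keeps working, so a clone shows up as one
                # profile enabled on more than one chip at the same time.
                findings.append(("PROFILE_ON_MULTIPLE_EIDS", iccid,
                                 tuple(sorted(enabled_on[iccid])), row["time"]))
        elif row["event"] in ("PROFILE_DISABLE", "PROFILE_DELETE"):
            # A legitimate device transfer disables the old copy first.
            enabled_on[iccid].discard(eid)
    return findings


if __name__ == "__main__":
    for finding in audit_provisioning_log(SAMPLE_LOG):
        print(finding)
```

A normal device transfer, where the profile is disabled on the old chip before it is enabled on the new one, produces no findings.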
What We Found Out
We can all learn the following from this incident:
• Safety and ease of use are not the same thing. Always inquire how new technology protects you.
• Old software problems can stay in important systems for years. We need to ask for patches on time.
• Everyone is in charge of safety. Chip makers, cell operators, standards groups, and regulators all need to work together to keep users secure.
• Everyone needs to be careful. Stay up to date, log in safely, and keep an eye on your devices.
• Trust grows when you are open. Providers should be honest about problems and how to fix them.
• Governments and regulators need to pay more attention to how safe mobile infrastructure is.
A short overview for you to remember:
• The fundamental issue is that the Kigen eUICC chips have security flaws in their Java Card technology.
• Risk: Copying and snooping on eSIM profiles without anyone knowing.
• Victims: Anyone who possesses an eSIM phone.
• Signs: texts that don’t get through, sudden activations, and SIM changes.
• Safety: Keep your gadgets up to date, utilize two-factor authentication (2FA), and watch what you do.
• Things that need to be fixed: improved checks for provisioning, secure key management, and audit logs.
Last Thoughts
This isn’t just a narrative about technology. It’s a narrative about how much you trust the technologies you use every day and how safe and private they are. At Hoplon Infosec, we want to support carriers and users, spread the word, and build safe zero-trust systems for eSIM and other technologies. Your phone is your identity in the digital world. You need to keep it safe now.
Stay informed, be cautious, and safeguard your digital life from unauthorized access.