- A test eSIM profile used by billions of devices carried a major flaw
- It gave malicious actors with physical access the ability to install applets
- A patch is now available, so users should update now
Security researchers have discovered a vulnerability in eSIM technology used in virtually all smartphones and many other internet-connected, smart devices.
In theory, the error could have been abused to intercept or manipulate communication, extract sensitive data, inject malicious applets and more.
More than two billion eSIM-enabled devices could potentially be affected by this flaw, including smartphones, tablets, wearables and countless IoT devices that depend on Kigen's eUICC technology.
Patching the flaw
The error allowed anyone with physical access to the compromised device to install custom programs – applets – without proving they were not malicious.
The bug was discovered by Security Explorations, a research lab of AG Security Research, in the GSMA TS.48 Generic Test Profile (v6.0 and earlier), a standardized eSIM profile that supports device testing and certification, especially for devices with non-removable embedded SIMs (eUICCs).
In other words, it was discovered in a test version of a SIM card that was used just to check if the device worked properly or not.
Kigen has released a patch to mitigate the problem, with the GSMA TS.48 v7.0 specification being the first clean version. The company says the patch has already been distributed to all customers.
The silver lining here is that the flaw was not easy or straightforward to exploit. In addition to having physical access to the device or eUICC, the attacker also needs a way to trigger test mode activation. Furthermore, the device would have to use unprotected, older test profiles with RAM keys that are still intact.
Kigen's patch and the GSMA TS.48 v7.0 update now block RAM key access in test profiles by default, prohibit JavaCard applet installation completely on test mode profiles, randomize key sets for future RAM-enabled testing, and harden OS security against unauthorized remote loading. An attack should now be almost impossible to perform.
Security Explorations was subsequently awarded $30,000 for its troubles.
Via The Hacker News



