- An eSIM test profile used by billions of devices had a serious defect
- It allowed attackers with physical access to install arbitrary applets
- A patch is now available, so users should update now
Security researchers have discovered a vulnerability in eSIM technology used in virtually all smartphones and in many other internet-connected smart devices.
In theory, the defect could have been abused to intercept or manipulate communications, extract confidential data, inject malicious applets and more.
More than two billion eSIM-enabled devices could potentially be affected, including smartphones, tablets, wearables and countless IoT devices that rely on Kigen's eUICC technology.
Bug patched
The bug allowed anyone with physical access to the target device to install custom programs (applets) without having to prove that they were not malicious.
Discovered by Security Explorations, the research lab of AG Security Research, the bug was found in the GSMA TS.48 Generic Test Profile (v6.0 and earlier), a standardized eSIM profile that supports device testing and certification, particularly for devices with non-removable embedded SIMs (eUICCs).
In other words, it was found in a test version of a SIM profile, used only to verify whether a device works correctly.
Kigen has released a patch to mitigate the problem, and GSMA TS.48 v7.0 is the first version of the specification without the defect; the company says the patch has already been distributed to all customers.
The upside is that the bug was not especially easy or straightforward to exploit. Beyond physical access to the device or eUICC, an attacker would also need a way to trigger test mode, and the device would have to be using a legacy, unprotected test profile with the RAM (Remote Application Management) keys still intact.
The Kigen patch and the GSMA TS.48 v7.0 update now block access to the RAM key in test profiles by default, prohibit the installation of Java Card applets in test profiles entirely, randomize the keysets of future RAM-enabled test profiles, and harden the operating system against unauthorized remote loading. An attack should now be practically impossible to carry out.
Security Explorations subsequently received $30,000 for its trouble.
Via The Hacker News