The National Information Technology Development Agency (NITDA) has issued a public alert over a newly discovered security flaw in embedded SIM (eSIM) cards that could expose billions of users worldwide to cyberattacks.
In a statement on Friday, the agency said the vulnerability originates from the GSMA TS.48 Generic Test Profile (versions 6.0 and earlier) and could allow hackers to hijack phone numbers, intercept communications, and gain both physical and remote access to devices.
According to NITDA, attackers exploiting the flaw could install malicious applets, extract cryptographic keys, clone eSIM profiles, and deploy “stealth backdoors at the SIM card level,” posing severe risks to communications security.
The agency advised device manufacturers and service providers to immediately roll out Kigen OS patches via over-the-air (OTA) updates and adopt the latest GSMA TS.48 version 7.0 standard. It stressed that swift compliance is “critical to blocking exploitation paths, enforcing updated security controls, and safeguarding users from what could become one of the most far-reaching cybersecurity threats in recent years.”
Nigeria began its eSIM journey in 2020 after the Nigerian Communications Commission (NCC) approved trials for MTN and 9mobile. Airtel followed in January 2023. However, there are no official figures on how many Nigerians currently use the technology.