NITDA Warns Nigerians of Critical eSIM Security Flaw Affecting Over 2 Billion Devices Worldwide

NITDA Issues Security Alert on eSIM Vulnerability

The National Information Technology Development Agency (NITDA) has raised an urgent alarm over a critical eSIM security flaw that affects more than 2 billion devices worldwide.

According to NITDA, if this vulnerability is exploited, attackers could gain both physical and remote access to targeted devices. This would allow cybercriminals to:

• Install malicious applets on devices
• Extract sensitive cryptographic keys
• Clone eSIM profiles

The agency warned that the flaw could lead to large-scale interception of communications, persistent control of devices, and even the deployment of stealth backdoors at the SIM card level.

Possible Impacts of the eSIM Security Flaw

The risks posed by this flaw are potentially devastating:

1. Interception of Private Communications – Hackers could monitor calls, messages, and data traffic.
2. Persistent Device Hijacking – Attackers may gain long-term control over affected devices.
3. Data Theft – Extraction of cryptographic keys could compromise personal and financial data.
4. Stealth Malware Deployment – Backdoors may be installed without detection.

NITDA stressed that this vulnerability could become one of the most far-reaching cybersecurity threats in recent years if not immediately addressed.

NITDA’s Recommendations for Mitigation

To prevent exploitation, NITDA has urged device manufacturers and service providers to take immediate steps, including:

• Applying Kigen OS patches via over-the-air (OTA) updates to restore eUICC integrity.
• Adopting the latest GSMA TS.48 version 7.0 standard.
• Removing all legacy test profiles that may expose devices to malicious applet installations.

The agency emphasised that swift action is critical to block exploitation paths, strengthen security controls, and protect millions of users.

eSIM Adoption in Nigeria

The eSIM journey in Nigeria began in 2020 when the Nigerian Communications Commission (NCC) approved MTN and 9mobile to conduct eSIM trials.

• The trial involved testing 5,000 eSIMs under strict regulatory conditions.
• MTN and 9mobile later became the first operators to officially launch eSIM services in Nigeria.
• In January 2023, Airtel Nigeria also rolled out its eSIM service, joining the other two major carriers.

Currently, there is no publicly available data on the number of Nigerians actively using eSIM technology.

What is eSIM and Why Does it Matter?

eSIM (Embedded SIM) is a digital SIM technology built directly into smartphones, wearables, and IoT devices. Unlike physical SIM cards, users do not need to insert or replace an eSIM—it can be activated remotely by mobile operators.

Key benefits of eSIM include:

• Flexibility – Users can easily switch between carriers without needing SIM cards.
• Convenience – No need to physically insert or remove SIMs.
• Future-Ready – Seen as the next step in SIM card evolution.

With growing adoption in Nigeria and worldwide, eSIM promises unmatched convenience but also introduces new cybersecurity challenges—making NITDA’s warning especially important.

Final Thoughts

As eSIM adoption increases in Nigeria, users and service providers must take cybersecurity seriously. The recent warning from NITDA highlights the need for urgent updates, stricter adherence to global standards, and proactive measures to safeguard digital communications.

Staying informed and applying recommended security updates is the best way for Nigerians to enjoy the benefits of eSIM technology without falling victim to cyberattacks.