ABUJA, Nigeria – The National Information Technology Development Agency (NITDA) has issued a public warning about a newly discovered flaw in embedded SIM (eSIM) cards, calling it one of the most significant cybersecurity threats in years.
In a statement released Friday, NITDA revealed that the vulnerability affects more than two billion devices worldwide.
The flaw, rooted in the GSMA TS 48 Generic Test Profile (version 6.0 and earlier), could allow attackers to hijack subscriber data, intercept communications, clone profiles, and install malicious software.
“This flaw poses serious risks to communications security globally. If exploited, it could enable widespread interception of calls and persistent control of compromised devices,” the Agency cautioned.
NITDA explained that attackers could gain both remote and physical access to devices by extracting cryptographic keys or exploiting legacy test profiles used in compliance checks.
The Agency urged service providers and manufacturers to immediately deploy Kigen OS patches via over-the-air updates, adopt the GSMA TS.48 version 7.0 standard, and remove outdated test profiles.
Swift action, NITDA stressed, was critical to preventing large-scale cyberattacks. “Timely enforcement of security updates will safeguard Nigerians and the global community from severe breaches,” the Agency said.
Experts say the warning underscores Nigeria’s increasing role in global digital security efforts. With millions of Nigerians adopting eSIM technology, the agency’s intervention highlights urgent steps to protect consumers and networks from exploitation.
