Oops! Billions of IoT Devices Vulnerable Thanks to Kigen’s eUICC Blunder!
A vulnerability in Kigen’s eUICC cards exposed billions of IoT devices to attacks through flawed eSIM profile management. Attackers could exploit it to install malicious JavaCard applets. Despite requiring physical access, the flaw was significant enough to earn a $30,000 bounty for its discovery. A security patch has been issued.

Hot Take:
Look out, IoT devices! Your eSIMs just got more holes than Swiss cheese, thanks to a vulnerability in Kigen’s eUICC cards. It’s like someone accidentally gave out the keys to the castle and left the drawbridge down. But fear not; the knights in cybersecurity armor have patched things up – for now. So, while your devices might have been exposed, at least they’re not going streaking through the digital streets anymore. Let’s just hope no one with bad intentions has a physical pass to your IoT devices, or it might be time to start building a moat!
Key Points:
- Newly disclosed vulnerability in Kigen’s eUICC cards affects older GSMA TS.48 profiles.
- Attackers with physical access can install malicious JavaCard applets.
- Potential risks include extracting device identity certificates and unauthorized profile downloads.
- Kigen released a security patch and GSMA revised the test profile specification.
- Vulnerability builds on previous Oracle Java Card weaknesses identified in 2019.