It’s worth noting that while the Security Explorations project focused on Kigen products, eUICC/eSIM chips from several other vendors may be vulnerable to similar attacks as the underlying issue is related to a series of vulnerabilities found in Oracle’s Java Card technology.

The Java Card flaws were disclosed by Security Explorations in 2019, but Oracle and SIM card manufacturers using the technology downplayed their potential impact at the time.

In order to conduct an attack, the attacker needs temporary physical access to the device with the targeted eSIM. The goal is to extract a key that allows the installation of a malicious Java Card application.