eSIM Security Concerns Unveiled
A Northeastern University study revealed that eSIM providers often route user data through foreign networks, notably Chinese infrastructure, without disclosure, raising privacy concerns. The team tested various eSIM services, finding that user IP addresses frequently corresponded to third-party countries, not the user’s actual location. Surprisingly, creating an eSIM resale service required minimal effort, granting resellers extensive access to sensitive data. Researchers recommend increased transparency and regulatory measures to address these vulnerabilities.
- eSIM profiles were seen to silently communicate with servers and retrieve SMS, often without user knowledge.
- A full dataset and methodology will be available on GitHub for further research.