eSIMplicity or eSIMplification? Privacy and Security Risks in the eSIM Ecosystem
Maryam Motallebighomi
34th USENIX Security Symposium (USENIX Security '25) · Day 3 · Network Security 3: BLE and Cellular
The proliferation of **eSIM (embedded Subscriber Identity Module)** technology is rapidly transforming how devices connect to cellular networks, offering unparalleled convenience and flexibility. Unlike traditional physical SIM cards, eSIMs are integrated directly into devices, enabling remote provisioning and activation of cellular profiles. This streamlined setup has driven widespread adoption, exemplified by devices like the iPhone 14 in the United States, which is sold as eSIM-only. However, this shift towards digital and remote management introduces a complex interplay of convenience and significant security and privacy challenges.
AI review
Solid systems-security research that does the actual work: 20+ travel eSIMs purchased and analyzed, hardware tooling deployed to capture SIM-layer traffic, reseller platforms joined and dashboards documented. The findings — HRR tunneling through China Mobile without user disclosure, silent proactive OTA communication, low-barrier resellers with location data and public IP assignment capabilities, and SMDP sync failures enabling DoS — are concrete, reproducible, and newsworthy in their own right.