How to make sure your eSIM doesn’t get hacked

48 3 minutes read

First came the physical SIM (Subscriber Identity Module) card, and now we have the eSIM (Embedded SIM)—the newer technology that is supported by almost all modern cellphones, and which does away with the need for a card you pop in and out of your device.

There are plenty of advantages to eSIMs. They’re easier to set up (you don’t need to wait for a card to come in the mail), it’s simpler to switch numbers (you can manage it with just a few taps inside an app), and it makes international travel more straightforward (you can switch between country-specific eSIMs as needed).

eSIMs are also more secure than their physical counterparts, for the reasons we’ll set out below—but that doesn’t mean they’re hack-proof. Whether you’ve already switched to one or are thinking about it, here’s what you need to know about eSIM security.

What makes eSIMs more secure

screenshot of esim card for sale — One popular use of eSIMs is for international travel. *Screenshot: Holafly*

The lack of a physical card is the primary reason why eSIMs are more secure than standard SIMs: There’s no way a thief can pop an eSIM out of your smartphone, put it in another device, and pretend to be you. Instead the eSIM information—your number, your identity, and your network settings—stays on a programmable chip embedded in your phone.

Due to the way they work, eSIMs are easier to manage remotely as well. You can often manage all your eSIM settings inside the companion app provided by your carrier or eSIM company. If your number is exploited in any way, you should be able to shut down communications remotely from another device.

Data on an eSIM is encrypted, making it very difficult for anyone to tamper with the information these modules contain or adjust their settings—even if they have physical access to your device. They’re also more difficult to clone because of the extra security barriers in place, making identity theft less likely.

What’s more, the initial eSIM setup process is tightly controlled and difficult to work around. Carriers and dedicated eSIM providers run a variety of checks to make sure you are who you say you are, and that the eSIM number or data connection is registered with the right device.

It’s also worth mentioning that using eSIMs for data access abroad means you’re less reliant on public Wi-Fi networks than if you have a physical SIM, don’t bother to get a data plan functional in your location, and only use Wi-Fi to connect. These networks come with their own security vulnerabilities, because you can never be completely sure about how they’ve been set up or who’s connected to them, so the less time you spend connected to them the better.

Why you still need to be careful

esim setup page on a phone — eSIMs can be set up in a few minutes on a smartphone.

Despite all the security benefits that eSIMs come with, they’re not immune to potential hacking attacks. SIM swaps are still possible: That’s where someone impersonates you to get your number moved to a different device, disabling it on yours. If this happens, you’ll notice pretty quickly—you won’t be able to make any calls or connect to the web.

eSIMs can also be exposed by malware running on your phone or tablet, often delivered through a link in a message or an email that you’re tricked into tapping on. This can open up your device and its eSIM to unauthorized access, which might then lead to hackers being able to interfere with your communications.

The usual security advice applies here. Be wary of phishing attempts, for example, and think twice about following links unless you’re absolutely sure they’re genuine. If you have any doubts, try getting in touch with the (apparent) sender of the message to double-check, whether it’s a family friend or the bank you do business with.

Any account you have with a carrier or an eSIM provider can be hacked into if someone else gains access to your login credentials. As always, make sure you’re using long passwords that are difficult to guess, and turn on two-factor authentication if it’s offered (it usually is), so an additional code is required to log in on a new device.

Keep your phone software and apps up to date as much as you can, as this will bolster the built-in protection that keeps your eSIM safe. In addition, keep your phone well protected through biometric security on the lock screen and a lengthy PIN, making it more difficult for anyone else to gain access to your handset.