Markus Vervier

Embedded Threats: A Deep Dive into the Attack Surface and Security Implications of eSIM Technology


With the increasing adoption of the embedded SIM (eSIM) or embedded Universal Integrated Circuit Card (eUICC), new connectivity opportunities and conveniences are emerging for users. However, with these advances emerge new potential vulnerabilities and security implications. This presentation will shed light on the yet unexplored attack surface of eSIM technology and highlight the potential risks and challenges of this now widely deployed technology. Support for eSIM is now available in modern mobile phones and also in popular desktop devices such as Lenovo Thinkpads running Microsoft Windows 10 and 11. By exploring the intricacies of eSIM security, we aim to raise awareness to the potential for offensive operations serving as technology but also in terms of post compromise situations


During the last 18 years Markus collected professional experience in offensive IT security working as a security researcher, code auditor, and penetration tester. He likes to do review code, reverse engineer the unknown, and to discover vulnerability in applications on various platforms and architectures.
Some of his notable accomplishments include conducting security analysis and reverse engineering of embedded firmware for mobile devices, discovering vulnerabilities in the Signal Private Messenger in collaboration with JP Aumasson, and finding a remote vulnerability in libOTR.