{"id":10497,"date":"2025-07-15T12:37:54","date_gmt":"2025-07-15T05:37:54","guid":{"rendered":"https:\/\/infosec.new88088.net\/?p=10497"},"modified":"2026-02-05T12:38:01","modified_gmt":"2026-02-05T05:38:01","slug":"lo-hong-bao-mat-tren-esim-kigen-de-doa-hon-2-ty-thiet-bi-iot","status":"publish","type":"post","link":"https:\/\/infosec.new88088.net\/2025\/07\/15\/lo-hong-bao-mat-tren-esim-kigen-de-doa-hon-2-ty-thiet-bi-iot\/","title":{"rendered":"L\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt tr\u00ean eSIM Kigen \u0111e d\u1ecda h\u01a1n 2 t\u1ef7 thi\u1ebft b\u1ecb IoT"},"content":{"rendered":"<p><b>M\u1ed9t l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt nghi\u00eam tr\u1ecdng v\u1eeba \u0111\u01b0\u1ee3c ph\u00e1t hi\u1ec7n trong chip eUICC (embedded SIM) c\u1ee7a Kigen, n\u1ec1n t\u1ea3ng \u0111ang \u0111\u01b0\u1ee3c t\u00edch h\u1ee3p trong h\u01a1n 2 t\u1ef7 eSIM tr\u00ean c\u00e1c thi\u1ebft b\u1ecb IoT to\u00e0n c\u1ea7u. Ph\u00e1t hi\u1ec7n n\u00e0y cho th\u1ea5y nguy c\u01a1 t\u1ea5n c\u00f4ng t\u1eeb tin t\u1eb7c c\u00f3 th\u1ec3 d\u1eabn \u0111\u1ebfn vi\u1ec7c \u0111\u00e1nh c\u1eafp d\u1eef li\u1ec7u, gi\u1ea3i m\u00e3 th\u00f4ng tin v\u00e0 ki\u1ec3m so\u00e1t profile nh\u00e0 m\u1ea1ng (MNO) tr\u00ean thi\u1ebft b\u1ecb.<\/b><\/p>\n<p>Theo b\u00e1o c\u00e1o t\u1eeb nh\u00f3m nghi\u00ean c\u1ee9u b\u1ea3o m\u1eadt, l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt b\u1eaft ngu\u1ed3n t\u1eeb vi\u1ec7c s\u1eed d\u1ee5ng c\u1ea5u h\u00ecnh GSMA TS.48 Generic Test Profile phi\u00ean b\u1ea3n 6.0 tr\u1edf xu\u1ed1ng. \u0110\u00e2y v\u1ed1n l\u00e0 c\u1ea5u h\u00ecnh \u0111\u01b0\u1ee3c thi\u1ebft k\u1ebf ph\u1ee5c v\u1ee5 m\u1ee5c \u0111\u00edch ki\u1ec3m th\u1eed t\u00edn hi\u1ec7u radio trong m\u00f4i tr\u01b0\u1eddng ph\u00e1t tri\u1ec3n nh\u01b0ng l\u1ea1i b\u1ecb t\u00edch h\u1ee3p nh\u1ea7m v\u00e0o c\u00e1c thi\u1ebft b\u1ecb th\u01b0\u01a1ng m\u1ea1i, t\u1ee9c l\u00e0 thi\u1ebft b\u1ecb \u0111ang \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng th\u1ef1c t\u1ebf tr\u00ean th\u1ecb tr\u01b0\u1eddng.<\/p>\n<div style=\"text-align: center\">\n<div class=\"bbImageWrapper  js-lbImage\" title=\"1752568608097.png\" data-src=\"https:\/\/whitehat.vn\/attachments\/1752568608097-png.17317\/\" data-lb-sidebar-href=\"\" data-lb-caption-extra-html=\"\" data-single-image=\"1\"><img fetchpriority=\"high\" decoding=\"async\" class=\"bbImage\" title=\"1752568608097.png\" src=\"https:\/\/whitehat.vn\/attachments\/1752568608097-png.17317\/\" alt=\"1752568608097.png\" width=\"806\" height=\"416\" data-url=\"\" data-zoom-target=\"1\" \/><\/div>\n<\/div>\n<p>L\u1ed7 h\u1ed5ng ch\u1ec9 \u1ea3nh h\u01b0\u1edfng \u0111\u1ebfn nh\u1eefng thi\u1ebft b\u1ecb IoT s\u1eed d\u1ee5ng eSIM Kigen \u0111ang ch\u1ea1y phi\u00ean b\u1ea3n TS.48 t\u1eeb 6.0 tr\u1edf xu\u1ed1ng. Tuy nhi\u00ean, do s\u1ed1 l\u01b0\u1ee3ng thi\u1ebft b\u1ecb s\u1eed d\u1ee5ng n\u1ec1n t\u1ea3ng eUICC c\u1ee7a Kigen \u0111\u00e3 v\u01b0\u1ee3t qu\u00e1 2 t\u1ef7, t\u00ednh \u0111\u1ebfn n\u0103m 2020, m\u1ee9c \u0111\u1ed9 \u1ea3nh h\u01b0\u1edfng c\u1ee7a l\u1ed7 h\u1ed5ng n\u00e0y l\u00e0 h\u1ebft s\u1ee9c \u0111\u00e1ng lo ng\u1ea1i, \u0111\u1eb7c bi\u1ec7t n\u1ebfu kh\u00f4ng \u0111\u01b0\u1ee3c c\u1eadp nh\u1eadt b\u1ea3n v\u00e1 k\u1ecbp th\u1eddi.<\/p>\n<p>L\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt n\u00e0y cho ph\u00e9p k\u1ebb t\u1ea5n c\u00f4ng c\u00e0i \u0111\u1eb7t m\u1ed9t applet JavaCard \u0111\u1ed9c h\u1ea1i v\u00e0o thi\u1ebft b\u1ecb v\u1edbi \u0111i\u1ec1u ki\u1ec7n c\u00f3 quy\u1ec1n truy c\u1eadp v\u1eadt l\u00fd v\u00e0 t\u1eadn d\u1ee5ng \u0111\u01b0\u1ee3c c\u00e1c kh\u00f3a c\u00f4ng khai \u0111\u00e3 \u0111\u01b0\u1ee3c c\u00f4ng b\u1ed1 tr\u01b0\u1edbc \u0111\u00f3.<\/p>\n<p>Sau khi t\u1ea5n c\u00f4ng th\u00e0nh c\u00f4ng, hacker c\u00f3 th\u1ec3 th\u1ef1c hi\u1ec7n nhi\u1ec1u h\u00e0nh vi nguy hi\u1ec3m, bao g\u1ed3m:<\/p>\n<ul>\n<li data-xf-list-type=\"ul\">\u0110\u00e1nh c\u1eafp ch\u1ee9ng ch\u1ec9 \u0111\u1ecbnh danh c\u1ee7a eUICC, t\u1eeb \u0111\u00f3 chi\u1ebfm quy\u1ec1n ki\u1ec3m so\u00e1t th\u1ebb SIM nh\u00fang<\/li>\n<li data-xf-list-type=\"ul\">T\u1ea3i c\u00e1c profile nh\u00e0 m\u1ea1ng (MNO) \u1edf d\u1ea1ng plaintext, t\u1ee9c l\u00e0 kh\u00f4ng c\u00f3 m\u00e3 h\u00f3a<\/li>\n<li data-xf-list-type=\"ul\">Theo d\u00f5i v\u00e0 can thi\u1ec7p v\u00e0o ho\u1ea1t \u0111\u1ed9ng c\u1ee7a eSIM tr\u00ean thi\u1ebft b\u1ecb m\u1ee5c ti\u00eau<\/li>\n<li data-xf-list-type=\"ul\">C\u00e0i \u0111\u1eb7t backdoor t\u00e0ng h\u00ecnh, gi\u00fap duy tr\u00ec quy\u1ec1n truy c\u1eadp tr\u00e1i ph\u00e9p m\u1ed9t c\u00e1ch b\u00ed m\u1eadt<\/li>\n<li data-xf-list-type=\"ul\">Gi\u1ea3 m\u1ea1o tr\u1ea1ng th\u00e1i profile, khi\u1ebfn h\u1ec7 th\u1ed1ng nh\u00e0 m\u1ea1ng kh\u00f4ng th\u1ec3 ph\u00e1t hi\u1ec7n b\u1ea5t th\u01b0\u1eddng ho\u1eb7c v\u00f4 hi\u1ec7u h\u00f3a profile \u0111\u00e3 b\u1ecb chi\u1ebfm quy\u1ec1n<\/li>\n<\/ul>\n<p>\u0110i\u1ec1u n\u00e0y m\u1edf ra m\u1ed9t \u0111i\u1ec3m y\u1ebfu l\u1edbn trong ki\u1ebfn tr\u00fac eSIM to\u00e0n c\u1ea7u, \u0111\u1eb7c bi\u1ec7t khi l\u1ed7 h\u1ed5ng kh\u00f4ng b\u1ecb ph\u00e1t hi\u1ec7n t\u1eeb c\u00e1c l\u1edbp ki\u1ec3m so\u00e1t truy\u1ec1n th\u1ed1ng c\u1ee7a nh\u00e0 m\u1ea1ng.<\/p>\n<p>Ngay sau khi l\u1ed7 h\u1ed5ng \u0111\u01b0\u1ee3c ph\u00e1t hi\u1ec7n, Kigen \u0111\u00e3 nhanh ch\u00f3ng ph\u00e1t h\u00e0nh b\u1ea3n v\u00e1 cho h\u1ec7 \u0111i\u1ec1u h\u00e0nh eUICC, \u0111\u1ed3ng th\u1eddi cung c\u1ea5p c\u1eadp nh\u1eadt OTA (Over-the-Air) nh\u1eb1m ng\u0103n ch\u1eb7n vi\u1ec7c c\u00e0i \u0111\u1eb7t c\u00e1c applet kh\u00f4ng \u0111\u01b0\u1ee3c x\u00e1c th\u1ef1c tr\u00ean thi\u1ebft b\u1ecb. Song song \u0111\u00f3, GSMA c\u0169ng \u0111\u00e3 ra m\u1eaft phi\u00ean b\u1ea3n TS.48 v7.0, trong \u0111\u00f3 lo\u1ea1i b\u1ecf kh\u1ea3 n\u0103ng s\u1eed d\u1ee5ng test profile trong c\u00e1c m\u00f4i tr\u01b0\u1eddng tri\u1ec3n khai th\u1ef1c t\u1ebf \u0111\u1ec3 gi\u1ea3m thi\u1ec3u r\u1ee7i ro b\u1ea3o m\u1eadt.<\/p>\n<p>S\u1ef1 c\u1ed1 l\u1ea7n n\u00e0y ti\u1ebfp t\u1ee5c l\u00e0 l\u1eddi c\u1ea3nh t\u1ec9nh \u0111\u1ed1i v\u1edbi to\u00e0n ng\u00e0nh c\u00f4ng nghi\u1ec7p IoT v\u00e0 vi\u1ec5n th\u00f4ng, nh\u1ea5n m\u1ea1nh t\u1ea7m quan tr\u1ecdng c\u1ee7a vi\u1ec7c:<\/p>\n<ul>\n<li data-xf-list-type=\"ul\">Kh\u00f4ng s\u1eed d\u1ee5ng nh\u1ea7m c\u1ea5u h\u00ecnh test trong m\u00f4i tr\u01b0\u1eddng s\u1ea3n ph\u1ea9m<\/li>\n<li data-xf-list-type=\"ul\">C\u1eadp nh\u1eadt ph\u1ea7n m\u1ec1m v\u00e0 firmware th\u01b0\u1eddng xuy\u00ean \u0111\u1ec3 v\u00e1 c\u00e1c l\u1ed7 h\u1ed5ng m\u1edbi \u0111\u01b0\u1ee3c ph\u00e1t hi\u1ec7n<\/li>\n<li data-xf-list-type=\"ul\">Gi\u00e1m s\u00e1t nghi\u00eam ng\u1eb7t c\u00e1c ho\u1ea1t \u0111\u1ed9ng c\u1ee7a eSIM v\u00e0 c\u00e1c applet tr\u00ean thi\u1ebft b\u1ecb, nh\u1eb1m \u0111\u1ea3m b\u1ea3o t\u00ednh to\u00e0n v\u1eb9n v\u00e0 an to\u00e0n c\u1ee7a h\u1ec7 th\u1ed1ng<\/li>\n<\/ul>\n<p>Trong b\u1ed1i c\u1ea3nh h\u00e0ng t\u1ef7 thi\u1ebft b\u1ecb IoT \u0111ang ng\u00e0y c\u00e0ng ph\u1ee5 thu\u1ed9c v\u00e0o eSIM v\u00e0 n\u1ec1n t\u1ea3ng eUICC, vi\u1ec7c duy tr\u00ec m\u1ed9t ki\u1ebfn tr\u00fac b\u1ea3o m\u1eadt v\u1eefng ch\u1eafc l\u00e0 y\u00eau c\u1ea7u s\u1ed1ng c\u00f2n, kh\u00f4ng ch\u1ec9 \u0111\u1ec3 b\u1ea3o v\u1ec7 d\u1eef li\u1ec7u ng\u01b0\u1eddi d\u00f9ng m\u00e0 c\u00f2n \u0111\u1ec3 \u0111\u1ea3m b\u1ea3o uy t\u00edn v\u00e0 ho\u1ea1t \u0111\u1ed9ng \u1ed5n \u0111\u1ecbnh c\u1ee7a to\u00e0n b\u1ed9 h\u1ec7 sinh th\u00e1i s\u1ed1.<\/p>\n<div style=\"text-align: right\"><b><i>Theo The Hacker News<\/i><\/b>\u200b<\/div>\n<p>&nbsp;<\/p>\n<h4>\u200b<\/h4>\n<div style=\"text-align: right;margin-top: 16px\"><i>Theo: <a href=\"https:\/\/whitehat.vn\/threads\/lo-hong-bao-mat-tren-esim-kigen-de-doa-hon-2-ty-thiet-bi-iot.18565\/\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/whitehat.vn\/threads\/lo-hong-bao-mat-tren-esim-kigen-de-doa-hon-2-ty-thiet-bi-iot.18565\/<\/a><\/i><\/div>\n","protected":false},"excerpt":{"rendered":"<p>M\u1ed9t l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt nghi\u00eam tr\u1ecdng v\u1eeba \u0111\u01b0\u1ee3c ph\u00e1t hi\u1ec7n trong chip eUICC (embedded SIM) c\u1ee7a Kigen, n\u1ec1n t\u1ea3ng \u0111ang \u0111\u01b0\u1ee3c t\u00edch h\u1ee3p trong h\u01a1n 2 t\u1ef7 eSIM tr\u00ean c\u00e1c thi\u1ebft b\u1ecb IoT to\u00e0n c\u1ea7u. Ph\u00e1t hi\u1ec7n n\u00e0y cho th\u1ea5y nguy c\u01a1 t\u1ea5n c\u00f4ng t\u1eeb tin t\u1eb7c c\u00f3 th\u1ec3 d\u1eabn \u0111\u1ebfn vi\u1ec7c \u0111\u00e1nh c\u1eafp [&hellip;]<\/p>\n","protected":false},"author":46,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[33],"tags":[],"class_list":["post-10497","post","type-post","status-publish","format-standard","hentry","category-tin-tuc-cua-vien"],"_links":{"self":[{"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/posts\/10497","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/users\/46"}],"replies":[{"embeddable":true,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/comments?post=10497"}],"version-history":[{"count":0,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/posts\/10497\/revisions"}],"wp:attachment":[{"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/media?parent=10497"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/categories?post=10497"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/tags?post=10497"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}