eSIM vs iSIM vs SIM: Which Is Actually More Secure?

The question “is an eSIM safer than a physical SIM?” usually gets a lazy answer: yes, because there is no card to steal. That answer is not wrong, but it misses most of what actually matters.

Physical SIMs, eSIMs, and the newer iSIMs are three different architectures with three different security models. Each closes off certain attacks and opens up others. The physical SIM eliminates remote provisioning risk but is vulnerable to swapping and cloning. The eSIM removes the physical attack surface but introduces a software provisioning layer that can be targeted. The iSIM goes furthest into the chip but concentrates more sensitive functions into a single component. Understanding the tradeoffs is the difference between a useful answer and a marketing slogan.

After years working in identity and authentication, I find the SIM evolution genuinely interesting because it mirrors a pattern that shows up everywhere in security: moving a credential from something physical to something embedded to something integrated changes the threat model at every step, rather than simply making it “more secure.” Let me walk through how each works and where the real risks are.

The Three Architectures, Briefly

Before comparing security, it helps to be clear on what each type actually is, because the physical form factor drives the threat model.

A traditional SIM is a removable smart card. It is a self-contained chip running a small secure operating system that stores your subscriber credentials, most importantly the secret key that authenticates you to the mobile network. You can pull it out and move it between phones. The whole architecture assumes a physical, swappable card.

An eSIM (embedded SIM) is a chip soldered onto the device during manufacturing. Functionally it does the same job as a SIM, but instead of swapping a card, you download a subscriber profile onto the chip over the air. This is called Remote SIM Provisioning. The chip itself is sometimes called an eUICC (embedded Universal Integrated Circuit Card). There is no card to lose, but there is now a software process for getting your profile onto it.

An iSIM (integrated SIM) goes one step further and removes the separate SIM chip entirely. The SIM functionality lives inside a secure enclave, called a Tamper-Resistant Element, built directly into the device’s main system-on-chip (SoC). It uses the same remote provisioning model as eSIM but with no dedicated SIM hardware at all. This is increasingly important for IoT devices where space, power, and cost matter enormously.

The trajectory is clear: from removable, to embedded, to integrated. Each step trades physical separability for tighter integration. And each trade changes what attackers can do.

Traditional SIM: Known Attacks, Physical Weaknesses

The physical SIM has been around for decades, which means its weaknesses are extremely well understood.

SIM swapping is the dominant threat. This is not a technical attack on the SIM itself; it is social engineering against the carrier. An attacker convinces a carrier employee to port your number to a SIM they control, usually by impersonating you with stolen personal information. Once they have your number, they receive your calls and texts, including SMS two-factor authentication codes, and can take over accounts that rely on phone-based verification. The existence of a swappable physical credential is what makes this fraud structurally possible.

SIM cloning is a more technical attack where, under certain conditions and with older or weaker SIM configurations, an attacker can extract the secret key and duplicate the SIM. Modern SIMs with stronger cryptography are much harder to clone, but the physical, removable nature of the card means the attack surface exists.

SS7 and signaling attacks target the network protocols rather than the SIM, but they are worth mentioning because they let attackers intercept calls and texts regardless of SIM type. These are network-layer weaknesses in the protocols that connect carriers globally.

The physical SIM’s one real security advantage is simplicity: there is no remote provisioning process to attack. You cannot push a malicious profile onto a traditional SIM over the air, because there is no over-the-air profile mechanism. The credential gets onto the card at manufacturing and stays there.

eSIM: The Physical Surface Disappears, a Software Surface Appears

The eSIM removes the single biggest physical weakness of the traditional SIM. There is no card to steal, no card to physically clone, and if a device is stolen, the carrier can more easily disable or switch the profile remotely. For the most common real-world threat, casual SIM swapping built around physical cards, the eSIM is a meaningful improvement.

But “no physical card” does not mean “no attack surface.” It means the attack surface moved.

The new surface is Remote SIM Provisioning. Getting a subscriber profile onto an eSIM is a software process, and software processes can be attacked. The European Union Agency for Cybersecurity (ENISA) has specifically flagged eSIM profile provisioning as a risk area: if an attacker can push a new profile onto a device or hijack the provisioning process, they could potentially take over the device’s connectivity. This is sometimes called eSIM swapping, the digital cousin of the physical swap, where the attack targets the provisioning flow and the account behind it rather than a physical card.

The provisioning ecosystem is governed by GSMA specifications, principally SGP.22 for consumer devices and the newer SGP.32 designed for IoT. These specifications define how profiles are securely prepared, encrypted, and delivered. The security of an eSIM depends heavily on these provisioning systems being implemented correctly. When they are, the eSIM is strong. When the implementation has flaws, the consequences can be serious, which brings us to a real and instructive 2025 example.

In 2025, security researchers demonstrated a vulnerability in Kigen’s eUICC technology. By compromising the chain of trust in the provisioning process, they showed it was possible to extract secret keys and download profiles using a compromised identity. The researchers calculated a Critical CVSS base score of 9.1 when the attack was considered over the air. Kigen awarded a $30,000 reward and, importantly, coordinated with the GSMA to update the TS.48 test profile specification to close the chain-of-trust weakness. This is exactly the kind of attack that does not exist for a physical SIM, because a physical SIM has no remote provisioning chain of trust to compromise.

The lesson is not that eSIMs are unsafe. It is that the eSIM trades a well-understood physical attack surface for a software provisioning surface whose security depends on the correctness of the underlying systems.

iSIM: Maximum Integration, Concentrated Risk

The iSIM is the newest of the three and, in terms of pure architecture, the most physically secure. By embedding the SIM functionality inside a Tamper-Resistant Element on the main SoC, the iSIM has essentially no external physical attack surface. There is no card to remove, no separate chip to probe, and the secure enclave is partitioned from the rest of the chip with its own processing and encryption running a secure operating system.

For IoT in particular, this is a significant advance. Devices can be smaller, use less power, and cost less to build, while gaining a credential store that is genuinely hard to attack physically. For an asset tracker or an industrial sensor deployed in the field, where someone might physically capture the device, the integrated, tamper-resistant design is a real security benefit. iSIM designs align with GSMA and eUICC security assurance standards and are validated under frameworks like Common Criteria.

But integration concentrates risk, and this is the nuance most coverage misses. By embedding the subscriber identity and sensitive keys inside the SoC, the iSIM combines multiple potential points of vulnerability into one chip. The attack surface shifts from “the physical card” to “the firmware and the secure enclave implementation.” The relevant threats become firmware vulnerabilities that could expose iSIM data, weaknesses in the Trusted Execution Environment handling iSIM operations, and sophisticated hardware-level attacks like side-channel analysis and fault injection against the secure element.

The iSIM also inherits the same remote provisioning surface as the eSIM, since it uses the same over-the-air model to receive profiles. So insecure remote management can still allow profile hijacking, just as with eSIM.

In short, the iSIM is the hardest to attack physically and the most demanding to get right at the firmware and silicon level. Its security rests on the correctness of the chip’s secure enclave and provisioning implementation, with very little margin for error because so much is concentrated in one place.

The Honest Comparison

Here is the practical security comparison across the dimensions that actually matter.

| Dimension | Traditional SIM | eSIM | iSIM |
|---|---|---|---|
| Physical theft / removal | Vulnerable | Resistant | Highly resistant |
| SIM swap (social engineering) | Vulnerable | Reduced but possible (account-level) | Reduced but possible (account-level) |
| Cloning | Possible on weaker cards | Not applicable | Not applicable |
| Remote provisioning attacks | None (no RSP) | Real surface | Real surface |
| Firmware / hardware attacks | Limited | Limited | Concentrated surface |
| Best for | Legacy simplicity | Phones, consumer devices | IoT, constrained devices |

The pattern that emerges is the key takeaway. Moving from SIM to eSIM to iSIM does not simply increase security on a single scale. It trades a physical, well-understood attack surface for a software-and-silicon attack surface that is harder to reach but, when it fails, can fail in more impactful ways. The eSIM and iSIM are genuinely better against the most common real-world threat (physical SIM swapping built around cards), while introducing provisioning and firmware risks that depend on correct implementation.

What This Means in Practice

For most individuals, the practical conclusion is straightforward: an eSIM is a reasonable security upgrade over a physical SIM, primarily because it resists the casual physical-swap attacks that cause the most consumer harm. If your phone supports it, using an eSIM is a sensible default.

But, and this is the part that connects to broader security thinking, the SIM type is not where your real protection comes from. SIM swapping in all its forms is ultimately an attack on the account and the recovery process, not just the card. The strongest defense is to stop relying on SMS and phone-based verification for anything important.

This is the same principle I keep coming back to across authentication: phone-number-based verification is a weak second factor regardless of whether the number lives on a physical SIM, an eSIM, or an iSIM. App-based authenticators and hardware security keys are dramatically stronger, because they do not depend on the security of your phone number at all. If an attacker swaps your SIM but your important accounts use app-based or hardware MFA, the swap gains them very little. You can read more about phishing-resistant authentication in my guide to FIDO2 and passkeys.

For enterprises and IoT builders, the conclusion is different. The eSIM and especially the iSIM offer real advantages for fleet management, device security, and physical tamper resistance. But those advantages are entirely dependent on the security of the remote provisioning systems and the secure enclave implementation. The Kigen case is the cautionary tale: the architecture was sound, but a flaw in the chain of trust created a critical vulnerability. If you are deploying eSIM or iSIM at scale, the provisioning infrastructure and its chain of trust deserve as much security scrutiny as the devices themselves.
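
For fleet deployments, one concrete control on the provisioning surface is vetting the SM-DP+ server named in an eSIM activation code before a device is allowed to download a profile from it. The check below is an added example, not code from the original post or from the GSMA; it assumes the SGP.22 activation code layout (optional `LPA:` prefix, format `1`, SM-DP+ address, matching ID, optional SM-DP+ OID, optional confirmation-code flag, all `$`-delimited), and the hostnames, OID and policy table are constructed.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed fleet policy: SM-DP+ hosts this deployment trusts, with the
# SM-DP+ OID each must declare (None = no OID pinned). Values are made up.
TRUSTED_SMDP = {
    "smdp.fleet.example": "1.3.6.1.4.1.99999.1",
    "rsp.carrier.example": None,
}

@dataclass(frozen=True)
class ActivationCode:
    smdp_address: str
    matching_id: str
    smdp_oid: Optional[str]
    confirmation_required: bool

def parse_activation_code(raw: str) -> ActivationCode:
    """Parse '[LPA:]1$<SM-DP+ FQDN>$<MatchingID>[$<OID>[$<CC flag>]]'."""
    text = raw.strip()
    if text.upper().startswith("LPA:"):
        text = text[4:]
    parts = text.split("$")
    if not 3 <= len(parts) <= 5:
        raise ValueError("expected 3 to 5 '$'-delimited fields")
    if parts[0] != "1":
        raise ValueError(f"unsupported activation code format {parts[0]!r}")
    host = parts[1].strip().lower().rstrip(".")
    if not host or any(c in host for c in "/:@ ?#"):
        raise ValueError("SM-DP+ address must be a bare FQDN")
    oid = parts[3] if len(parts) > 3 and parts[3] else None
    flag = parts[4] if len(parts) > 4 else ""
    if flag not in ("", "1"):
        raise ValueError("confirmation-code flag must be empty or '1'")
    return ActivationCode(host, parts[2], oid, flag == "1")

def check_policy(raw: str) -> tuple[bool, str]:
    """Return (allowed, reason) for one activation code under TRUSTED_SMDP."""
    try:
        code = parse_activation_code(raw)
    except ValueError as exc:
        return False, f"malformed: {exc}"
    if code.smdp_address not in TRUSTED_SMDP:  # exact match, no suffix match
        return False, f"SM-DP+ {code.smdp_address} is not on the allowlist"
    pinned = TRUSTED_SMDP[code.smdp_address]
    if pinned is not None and code.smdp_oid != pinned:
        return False, "SM-DP+ OID missing or different from the pinned value"
    return True, "ok"
```

This policy check complements the certificate validation the device's provisioning client performs against the SM-DP+; it does not replace it.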

The most secure SIM is not a form factor. It is a correctly implemented provisioning system combined with not depending on your phone number as a security credential in the first place.

*** This is a Security Bloggers Network syndicated blog from Deepak Gupta's notebook authored by Deepak Gupta. Read the original post at: https://guptadeepak.com/esim-vs-isim-vs-sim-which-is-more-secure/

Deepak Gupta

Deepak is the CTO and co-founder of LoginRadius, a rapidly-expanding Customer Identity Management provider. He's dedicated to innovating LoginRadius' platform, and loves foosball and winning poker games.