eSIM vs physical SIM: Which is safer and how scammers are exploiting the weakest link?

A joint team comprising the Telangana Cyber Security Bureau, the Department of Telecommunications, and the Ramagundam Commissionerate Police, began investigating. What they found was far from an isolated incident.

After days of coordination, the team made their move. Four people were arrested. Over 230 SIM cards, all obtained illegally, were seized, along with five SIM Box devices––tools often used to disguise international calls as local ones, allowing scammers to operate undetected.

In this edition of The Safe Side, indianexpress.com breaks down eSIM vs physical SIM, how each works, and which one offers better security.

What is a SIM card?

A Subscriber Identity Module (SIM) card is your phone’s unique ID, a tiny chip that tells the mobile network who you are. It lets you make calls, send texts, and use the internet.

Inside that little card is critical information: your unique subscriber identity, security details, and network access data. When inserted into your phone, it connects your device to your mobile provider, unlocking everything from messaging friends to streaming videos.

What is an eSIM?

An embedded SIM (eSIM) is a digital version of the traditional SIM card, built directly into your phone or smartwatch. There’s no physical card to insert or remove, and no fiddling with pins or trays.

Switching to a new carrier or plan happens digitally, often in just a few taps. For frequent travellers, it’s especially handy, you can add an international plan without needing a new SIM card.

Cybersecurity researcher and Webhack Solutions founder Arya Tyagi pointed out that eSIMs currently have limited availability. “They’re mostly supported by iPhones, which not everyone can afford. More Android devices need to offer eSIM functionality,” Tyagi said.

He also said that physical SIMs have a unique advantage: “In emergencies, a physical SIM can be quickly transferred to another phone for immediate access to the network, which is something not yet possible with eSIMs.”

SIM fraud risks

Priyanka Kulkarni, manager, telecom, media and technology sector at Aranca, said, “Physical SIMs can be physically stolen, lost, or cloned. Attacks such as SIM swap fraud rely on exploiting this physical aspect combined with social engineering at operator call centers, leading to identity theft and financial fraud worldwide.”

By contrast, eSIMs are embedded in secure hardware and protected with cryptographic protocols. Activation and profile changes require multi-factor authentication, making exploitation much harder. However, Kulkarni warned that lapses in telecom operator verification processes still pose risks.

“eSIMs use advanced encryption to securely store and manage subscriber information, making them significantly less vulnerable to interception or hacking. Since activation and provisioning occur entirely through secure digital channels, they cannot be duplicated or cloned, eliminating a major risk associated with traditional SIM cards,” said Atul Vivek, chief business officer, NxtCell India.

Cybersecurity expert Shubham Singh agreed that eSIMs are generally safer. “They can’t be physically removed or swapped like traditional SIMs, making tampering harder. They’re also less vulnerable to SIM swapping.”

Risks unique to eSIMs

While more secure in many ways, eSIMs rely heavily on software and cloud systems. “If those are compromised, attackers could manipulate eSIM profiles remotely,” Singh warned, adding, “If your email or carrier account gets hacked, someone might activate your eSIM on another device. That’s why strong account security and 2FA are essential.”

Kulkarni cautioned that eSIMs are vulnerable to malware and new threats like memory exhaustion or locking profile attacks, since they can be remotely managed.

Can eSIMs improve privacy?

eSIMs can improve privacy by making SIM theft harder, but they also mean your carrier and device maker may collect more data. “Check your privacy settings and policies,” Singh advised. He also recommended enabling device passcodes, biometrics, and remote-lock tools like Find My iPhone.

eSIM vs physical SIM: A quick comparison

Physical SIMs

• Removable plastic cards; easy to swap between devices.
• Universally compatible with older and newer devices.
• Vulnerable to theft, loss, and SIM swap fraud.
• More plastic waste and logistics overhead.

eSIMs

• Embedded in devices; no SIM tray needed.
• Enable slimmer, water-resistant designs.
• Support multiple profiles and instant carrier switching.
• Limited compatibility in developing regions.
• Reduce plastic waste; align with sustainability goals.

“eSIMs represent the future of secure mobile identity when paired with strong telecom authentication. Physical SIMs remain relevant due to compatibility and simplicity, but for those prioritising security, eSIMs are the safer choice,” Kulkarni said.

Singh predicted that eSIMs will eventually replace physical SIMs altogether. “This is good for mobile security, but it shifts the focus to securing your digital accounts,” he said.

The Safe Side:

As the world evolves, the digital landscape does too, bringing new opportunities—and new risks. Scammers are becoming more sophisticated, exploiting vulnerabilities to their advantage. In our special feature series, we delve into the latest cybercrime trends and provide practical tips to help you stay informed, secure, and vigilant online.