There are three things in the report that make me believe that it would be possible to get the secrets from eSIM profile B from a compromised eSIM profile A if they are both installed.
Under "Notes" it says... The hack proves no security / isolation for the eSIM profile and Java apps (no security for eUICC memory content).
- app isolation is broken
Under "The warning call for mobile phone vendors"... Target eUICC chips may run some sensitive applications (digital wallets / payment, digital car keys, transportation cards, access / identification cards, etc.). In case of a successful eSIM compromise, the security / credibility of such apps may be affected.
- perhaps code for "we already know this is possible, not talking about it yet"...
And towards the end, under "Some recommendations"... always assume your apps, their logic, associated secrets and/or some eSIM content could be revealed (one compromised eUICC identity can be used to download and peek into eSIM of any MNO)
- directly talks about other secret extraction