"They run their own OS and can stay on independent of the rest of the hardware consuming very little power."
It's worse - there's a second, independent computer inside your phone that you have no control over: the SIM card.
The SIM is a standalone computer with its own processor and memory which your carrier can communicate with and upload programs to run on it without your knowledge ("OTA updates", etc.)
Seeing the ShadySIM project mentioned on that page reminded me of this DEFCON talk, which talks about some of the capabilities of the SIM OS (some of them run Java!) and what power they grant you over phones if you have control over the underlying cell network (legitimately or otherwise).
TBF, eSIM as you describe it is not "no physical sim card at all", so they might be confusing it with something else. (I assumed, based on their phrasing, that they were talking about a virtuallized SIM card running in a (hopefully suitably locked-down) VM.)
It's worse - there's a second, independent computer inside your phone that you have no control over: the SIM card.
The SIM is a standalone computer with its own processor and memory which your carrier can communicate with and upload programs to run on it without your knowledge ("OTA updates", etc.)
https://osmocom.org/projects/cellular-infrastructure/wiki/SI...
ftp://www.3gpp.org/tsg_sa/WG3_Security/TSGS3_30_Povoa/Docs/PDF/S3-030534.pdf