Hundreds Line Up at SKT Stores to Replace SIM Cards... Is Replacement Really Necessary? [Why&Next]

"I failed yesterday, so I lined up early to replace my SIM card before going to work." On April 29, in front of an SK Telecom agency in Jung-gu, Seoul, people were waiting from 8 a.m. on the second day of SIM card replacements. The previous day, 230,000 replacements were made, and the number of online reservations reached 2.63 million.

The reason SKT subscribers are rushing to replace their SIM cards is due to security concerns. The subscriber information believed to have been leaked in this hacking incident includes phone numbers, SIM authentication key values, mobile subscriber identification numbers, and device unique identification numbers. In particular, there are concerns about 'SIM cloning,' which creates a duplicate phone using information stored on the SIM card, and 'SIM swapping,' in which hackers who have already obtained personal information such as resident registration numbers or ID cards impersonate users to obtain new SIM cards and use them for financial crimes. As a result, subscribers want to replace their SIM cards as soon as possible.

On the 28th, customers waiting to replace their SIM cards visited an official SK Telecom certified agency in Mapo-gu, Seoul. SK Telecom plans to offer free SIM card replacement services to subscribers starting today. Photo by Kang Jinhyung

Although SKT subscribers are rushing to replace their SIM cards, some experts argue that the situation should be assessed more calmly. Some experts say that simply subscribing to the SIM protection service can provide a similar level of security, so there is no need for excessive fear.

Kim Seungjoo, a professor at Korea University's Graduate School of Information Security, explained, "If SIM information is leaked, so-called 'cloned phones' can be created, which can intercept calls and text messages. Using authentication codes received via phone or text, hackers can bypass identity verification procedures and take over accounts such as social networking services (SNS)."

He added, "For a cloned phone to connect to the network, the user must turn off their mobile phone, and then the hacker turns on the cloned phone. Hackers may impersonate government agencies and contact users, telling them to reboot their phones. The moment the user turns off their phone, control is transferred to the cloned phone."

Professor Kim explained that subscribing to the SIM protection service is necessary to prevent SIM cloning crimes that create duplicate phones. He said, "This service prevents hackers from using leaked SIM information to activate a new mobile phone. If you subscribe to this service, there is no need to replace your SIM card." However, he added, "If you do not receive calls or texts for a day or two, you should suspect that a cloned phone has been created."

Jang Hangbae, a professor at Chung-Ang University's Department of Industrial Security, also stated, "Even if a cloned phone connects to the network, its authenticity is checked, so damage can be prevented. While replacing the SIM card could be a way to minimize risk, the SIM protection service alone seems sufficient."

A similar incident occurred at LG Uplus in 2023. At that time, SIM information such as the phone numbers and unique numbers of about 290,000 subscribers, as well as names, dates of birth, addresses, and email addresses, were leaked. However, there have been no reported cases of damage from cloned phones based on the leaked information so far.

However, in the worst-case scenario, there are concerns about SIM swapping. Kim Jungmin, a telecommunications and IT lawyer at Law Firm Weon, warned, "If you fall victim to a SIM swapping attack, paid transactions via mobile phone or even financial assets that can be traded remotely may be at risk. In extreme cases, it could also be exploited for voice phishing or fraud against third parties."

Park Chunsik, a professor at Ajou University's Department of Cybersecurity, also said, "If the SKT hacker abuses personal information leaked through the dark web, even bigger problems could arise than cloned phones." He added, "Replacing the SIM card can prevent immediate damage, but to fundamentally prevent such incidents, additional steps should be introduced for identity verification. Implementing biometric authentication procedures using fingerprints or facial recognition is one possible solution."

Especially as large-scale hacking incidents have continued recently, the risk of SIM swapping damage becoming a reality has increased. On April 19, a hacker attack on KS Employment Information, a call center outsourcing company, exposed ID cards, bankbook copies, resident registration certificates, photos, and handwritten signatures of 36,000 people on the dark web. Hwang Seokjin, a professor at Dongguk University's Graduate School of International Information Security, said, "If hackers who already possess leaked personal information from other sources also obtain SIM information of 23 million people, there is a serious risk of large-scale damage such as SIM swapping."

On the 28th, customers waiting to replace their SIM cards visited an official SK Telecom certified agency in Mapo-gu, Seoul. SK Telecom plans to offer free SIM card replacement services to subscribers starting today. Photo by Kang Jinhyung

In South Korea, around 40 cases of SIM swapping-related damage among KT subscribers were reported to the police in early 2022. Victims reported that their phones suddenly stopped working and received notifications that their devices had been changed, after which they lost amounts ranging from several million won to as much as 2.7 billion won in virtual assets.

An SKT representative stated, "In the worst-case scenario, there is a risk that illegally manufactured SIM cards could be used, but we have implemented an Abnormal Authentication Attempt Blocking System (FDS), and we suspend usage if suspicious activity is detected, so the likelihood of related problems occurring is extremely low." FDS is a system that forcibly shuts down a cloned device if it operates using SIM card information identical to the user's phone.

However, such explanations are not enough to completely allay user concerns. The government and SKT are currently investigating the scale of the SIM information leak and the circumstances of the hacking. Koh Haksoo, chairman of the Personal Information Protection Commission, stated at the National Assembly's Political Affairs Committee plenary session the previous day, "We are currently conducting forensics on the compromised SKT server. Forensics usually takes two to three months, and if the system is complex, it can take more than a year."

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.