"USIM Hacking Is Like Having Your Home Door Lock Code Stolen"

As the fallout from the SK Telecom hacking incident continues to grow, an IT YouTuber with 880,000 subscribers warned that the leak of customer USIM information is "a problem on a completely different level from previous personal information breaches." He cautioned, "If past hacking incidents involving telecom companies were like having your home address stolen by a thief, this incident is akin to having your home’s door lock code stolen."

On the 28th, customers waiting to replace their SIM cards visited an SK Telecom directly managed store in Mapo-gu, Seoul. SK Telecom started offering free SIM card replacement services to subscribers from this day. Photo by Kang Jinhyung

On the 27th, Techmong posted a video titled "Is it enough just to replace the USIM? The real reason why the SKT hack is so serious" on his YouTube channel, stating, "This time, the issue is on a completely different level from the personal information that has been leaked so far." He explained, "Previously leaked personal information included names, phone numbers, resident registration numbers, and at worst, user IDs and passwords for certain websites. The typical consequences were that my information would be bought and sold on dark web sites, or that I would receive voice phishing calls using my leaked number."

In contrast, regarding the current incident, he emphasized, "The problem is that the personal information leaked from SKT may include truly critical data such as IMSI (International Mobile Subscriber Identity) and USIM authentication keys, which are essential for payment and authentication." Techmong explained, "The most common method of identity verification we use when signing up for a site, retrieving an ID, resetting a password, or making payments is to enter our carrier and phone number, receive an authentication code on our smartphone, and input that code." He added, "The server that was hacked at SKT is directly related to HSS (Home Subscriber Server) authentication." He asserted, "If information such as the IMSI value and USIM authentication value used to identify subscribers was leaked, the potential damage would be so immense that it would be impossible to calculate."

Techmong expressed concern, stating, "If hackers obtain the IMSI or USIM authentication keys, they don’t need to resort to voice phishing to deceive users. They could immediately withdraw money from bank accounts, sign up for suspicious sites, or make unauthorized payments." He continued, "There’s a huge difference between having your home address stolen and having your door lock code stolen. If SKT’s IMSI and authentication keys were truly leaked, hackers could purchase other leaked personal information and combine it, causing enormous damage to both individuals and companies. If, as many fear, everything was truly leaked, this is not just a matter of a simple breach?the company itself could be dismantled."

On the 28th, customers visiting an official SK Telecom certified agency in Jung-gu, Seoul, are waiting to replace their USIM cards. Photo by Kang Jinhyung

Techmong said, "I still can’t believe this is really happening," and added, "I’ve never heard of a case where authentication keys were leaked, so I honestly still can’t believe it." He went on to say, "I think the government will soon impose a fine on SKT, but as always, the amount probably won’t be very large. And since it’s a fine, the money won’t go back to the customers."

Techmong recommended that the first action SKT users should take is to apply for the USIM protection service. However, he also pointed out that since hackers could use the leaked information to bypass the USIM protection service, the most practical solution is to physically replace the USIM and switch carriers.

Techmong also criticized SKT’s inadequate response. He particularly pointed out the delay in establishing a policy for free USIM replacement, even though quick replacement could reduce damage. Techmong said, "It’s estimated that the server was breached on April 18, but free USIM replacements only started on April 28," and criticized, "It’s chaos?they couldn’t replace USIMs due to a shortage, but were still accepting new subscribers."

Previously, on April 22, SK Telecom announced that on April 19, it had detected signs that subscriber USIM information?including phone numbers, USIM authentication keys, IMSI (International Mobile Subscriber Identity), and IMEI (International Mobile Equipment Identity)?had been leaked due to a hacker’s malware attack. SK Telecom is now providing the USIM protection service free of charge and, starting at 10 a.m. on April 28, is offering free USIM replacements to subscribers at T World stores and airport roaming centers nationwide.

SK Telecom currently has about 1 million USIM cards in stock and plans to secure an additional 5 million by the end of next month. However, with 23 million SK Telecom subscribers and 1.87 million MVNO subscribers using the company’s network?a total of 25 million people eligible for replacement?confusion caused by a shortage of USIM cards is expected to continue for some time.

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.