Security Vulnerabilities Highlighted at the Parliamentary Hearing on the 8th
SK Telecom was found to be the only major telecommunications company in South Korea that did not encrypt USIM authentication keys. At a parliamentary hearing on the SKT hacking incident held by the National Assembly's Science, ICT, Broadcasting and Communications Committee on the 8th, Noh Jongmyeon, a member of the Democratic Party of Korea, criticized, "Only SKT failed to encrypt the authentication key, which is equivalent to the USIM password," and added, "This constitutes a failure to fulfill the duty of care required of a prudent manager."
In response, Minister of Science and ICT, Yoo Sangim, stated, "It was negligent of SKT not to encrypt the USIM authentication key," and added, "We will provide guidance to ensure that authentication keys are encrypted in the future, as encryption is more advantageous for security."
Regarding the encryption of the International Mobile Subscriber Identity (IMSI), Minister Yoo explained, "This is not being implemented by the three domestic telecom companies, nor by mobile carriers worldwide."
When asked about the possibility of International Mobile Equipment Identity (IMEI) leakage, Minister Yoo responded, "So far, there has been no confirmed leakage, but we cannot be absolutely certain that there is no possibility." He also acknowledged that the USIM protection service cannot provide perfect protection.
On the other hand, SKT CEO Yoo Youngsang stated, "As of now, it is 100% safe," while Vice President Ryu Junghwan added, "We are preparing defensive measures related to authentication keys."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
