FDS Detection Upgraded to Highest Level
"No IMEI Leak Confirmed... No Additional Personal Data Breach"
SK Telecom is further strengthening its security measures for the Fraud Detection System (FDS) in response to the recent USIM information leak incident. This comes after it was confirmed that servers containing users' personal information and device unique identification numbers (IMEI) were also attacked by malware.
Ryu Junghwan, Vice President and Head of SKT Infrastructure Network Center, stated at the daily briefing held on the afternoon of the 19th at Samhwa Tower, Jung-gu, Seoul, "Through FDS 2.0, which is provided to all customers, we are blocking attempts by cloned phones to access the SKT network," adding, "Even if IMEI information is leaked, cloning is virtually impossible."
Earlier, the SKT USIM hacking incident joint public-private investigation team announced the results of its second investigation related to the SKT security breach at the Government Complex Seoul on the morning of the same day. They revealed that some servers used for customer authentication were infected with malware. These servers temporarily stored personal information such as IMEI, names, and phone numbers. It was confirmed that files stored on these servers contained a total of approximately 290,000 IMEIs.
Ryu Junghwan, Vice President and Head of SKT Infrastructure Network Center, is presenting at the daily briefing held on the afternoon of the 19th at Samhwa Tower, Jung-gu, Seoul. Photo by Lee Myunghwan
The IMEI is a unique identification number assigned to each device, serving as a kind of resident registration number for each mobile phone. To create a cloned phone, not only the IMEI but also the subscriber identification number (IMSI) and a cloned USIM are required. The leak of IMSI and USIM information was already revealed in the first investigation results announced on April 29. With the possibility of IMEI leakage raised in this second investigation, there are concerns that someone could clone a USIM and insert it into another device to commit illegal acts. A senior official from the Ministry of Science and ICT explained, "We have determined that there was no leakage during the period for which communication logs are available, but it is impossible to know what happened before that."
SKT drew a clear line, stating that no additional information, including IMEI data on the affected server, was leaked. Ryu emphasized, "The 290,000 IMEI records have not been confirmed as leaked, and cloning is virtually impossible," adding, "No additional personal information has been confirmed as leaked." Ryu further explained that no damages from illegal USIM cloning have been found in data patterns or in cases reported to the police.
SKT explained that illegal device cloning is virtually impossible with only the IMEI leaked. This is because the key values for authenticating IMEI information are held by each device manufacturer. Even if an IMEI number is cloned onto another device, the authentication process by the device manufacturer can detect and block the clone. Even if a device were to pass the manufacturer's authentication, it would still need to pass the mobile carrier's authentication.
In response to the joint investigation team's request for additional measures, SKT upgraded its FDS system to version 2.0 at 4 a.m. on the 18th. FDS is a service that SKT has operated since 2023, which detects and blocks various abnormal authentication attempts, including illegal cloned USIM authentication, in real time on the network. If someone attempts to authenticate on the network with an illegally cloned USIM, the system monitors and blocks it in real time. Through this, SKT explained that it is able to block even the access of illegally cloned phones. The enhanced FDS system is also applied to MVNO operators that use the SKT network.
Ryu emphasized, "FDS 2.0 is a service that verifies whether a device is a legitimate subscriber when it connects to the network, and we have applied the highest level of technology currently available," adding, "Customers can rest assured. If any damages occur due to illegally cloned USIMs or devices, we will take responsibility."
However, it was found that encryption was not applied to the temporary server where malware was discovered. Regarding the reason for not encrypting the temporary server, Ryu explained, "Encryption and antivirus installation can cause performance degradation," adding, "There were shortcomings, and we are reviewing the entire process." SKT is now considering strengthening safety measures, including applying encryption and installing security devices, in response to this incident.
SKT emphasized that it is providing a safety package to all customers, which includes FDS, USIM protection services, and USIM replacement.
Meanwhile, as of the previous day, the 18th, 190,000 customers had completed USIM replacement, bringing the cumulative total to 2.19 million. The number of customers still waiting for USIM replacement is 6.62 million. The cumulative number of customers who have completed USIM reset stands at 114,000.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
