[2025 Audit] LG Uplus CEO Hong Beomsik: "We Will Report Hacking Evidence to KISA"

LG Uplus, which had previously refused to acknowledge any hacking despite information leaks, has changed its stance and announced it will report evidence of hacking to the relevant authorities.

On October 21, during the National Assembly's Science, ICT, Broadcasting and Communications Committee audit, Hong Beomsik, CEO of LG Uplus, responded to Assemblywoman Lee Haemin of the Rebuilding Korea Party's question about whether the company would report the incident to the Korea Internet & Security Agency (KISA) by saying, "We will do so."

Hong Beomsik, President of LG Uplus. Provided by LG Uplus

Appearing as a witness that day, CEO Hong explained, "I understood that we should report after confirming a cyber breach, but as there has been considerable confusion and misunderstanding, we will review the matter more proactively."

Assemblywoman Lee criticized, "LG Uplus exposed passwords in plain text within the source code without encryption, which is like writing the password on a note and sticking it outside the safe." She added, "Rather than a protective barrier, it's as if a red carpet has been laid out for hackers," and further pointed out, "This is a serious security insensitivity, even before it is a technical issue. I feel like I'm providing security consulting myself."

According to Assemblywoman Lee, LG Uplus's own analysis of its account authority management system revealed a total of eight security vulnerabilities, including the ability to access the system by entering '111111' during the secondary authentication step when connecting via mobile and manipulating a specific memory value.

On the web page, there was a backdoor that allowed access to the administrator page without additional authentication, and the source code exposed in plain text both the three-digit password for accessing the backdoor and the password needed for account management, without any encryption.

When the server account authority management system (APPM) was identified as the target of a cyber breach the previous day, suspicions arose that LG Uplus attempted to erase related traces by updating the server operating system (OS).

According to Assemblywoman Choi Minhee of the Democratic Party of Korea, who chairs the National Assembly's Science, ICT, Broadcasting and Communications Committee, after an anonymous white-hat hacker reported in July that servers at KT and LG Uplus had been hacked, KISA notified both companies and requested internal inspections. The incident was also disclosed in the American hacking journal 'Phrack.'

A month later, the Ministry of Science and ICT requested LG Uplus to submit the results of its internal investigation, and the following day, LG Uplus updated the OS of the servers related to APPM.

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.