Abnormal data movement was first detected at SK Telecom’s security control center on the 18th. SK Telecom said it confirmed that a total of 9.7GB of data was transmitted to the outside at the time.
The leaked data has been found to contain key information related to USIM, including phone numbers, USIM authentication key values, mobile subscriber identification numbers and terminal unique identification numbers. Converting these into document files, the volume of a 300-page book amounts to 9,000 pages (about 2.7 million pages).
SK Telecom found a malicious code in the billing analysis equipment at 11:20 p.m. on the 18th after the security control center first detected a traffic abnormality in which 9.7GB of data was transmitted around 6:09 p.m. on the 18th.
At 11:40 p.m. on the 19th, the home subscriber server (HSS) confirmed the suspected data leakage.
Choi stressed, “As public anxiety is great, SK Telecom should secure a larger amount of USIM as soon as possible to take more active measures such as USIM card delivery, and immediately implement practical damage relief measures such as penalty exemption for customers who want to move their numbers.”
Concerns over information leakage are spreading to the financial sector due to SK Telecom’s hacking of USIM. Banks believe that even if a duplicate phone is made with the leaked USIM information, financial transactions are impossible because they have multiple authentication systems, but they are strengthening certification procedures to prepare for possible situations.
According to sources in the financial sector on Monday, KB Kookmin, Shinhan, Hana, and Woori Bank have additional facial verification when SKT customers issue certificates or attempt electronic financial transactions on mobile devices. They have also strengthened monitoring through their own abnormal transaction detection system (FDS). KB Kookmin Bank has additionally required SKT customers to go through a facial verification process when issuing certificates after 5 p.m. the previous day. It has also strengthened monitoring of abnormal transaction detection systems (FDS) that detect illegal access to its mobile app “Star Banking” using leaked USIM information.
An official from Kookmin Bank said, “Since it is not only authenticated by a carrier authentication alone, it is impossible to log in to star banking, change information, or make financial transactions only with the leaked information,” adding, “We are preparing an ’emergency response TF’ to respond immediately in the event of a personal information leakage accident.”
Shinhan Bank has also strengthened transaction monitoring and introduced additional authentication methods to go through mobile phone face authentication procedures if customers attempt electronic financial transactions on different mobile phone devices. Previously, to install financial apps after changing devices, it was necessary to take ID and ARS (Automatic Response System) authentication, but facial authentication allows transactions only when the person’s face and the photo of the real-name verification card registered in the app match.
From this day on, Hana Bank will also introduce additional authentication procedures such as facial recognition for customers using SKT when opening a non-face-to-face account. We are also continuously monitoring the abnormal transaction situation through FDS. If an abnormal transaction is suspected, measures such as suspension of account payment are taken and the relevant information is guided.
An official from Hana Bank said, “The mobile app ‘Hana One Q’ requires additional authentication procedures such as identification of mobile phones and account passwords when making new transactions,” adding, “The use of mobile phones is restricted only by identification of mobile phones.”
Woori Bank also required customers to reissue the “WON certificate” after facial recognition during electronic financial transactions on mobile devices that are different from existing devices. For those suspected of copying USIMs, the electronic financial FDS detection policy is strengthened, and a full inspection and blocking policy for malicious codes used in SKT hacking is also being applied. In preparation for electronic financial infringement, it has been upgraded to a cybersecurity threat response system and strengthened security control.
Earlier on the 24th, the Financial Supervisory Service sent an official document on precautions related to the USIM hacking accident to financial companies and asked them to consider introducing additional authentication methods if authentication is completed only with mobile phone self-authentication or text message authentication. Since then, NH Nonghyup Life Insurance has suspended SK Telecom’s mobile phone self-authentication, and KB Capital has also decided to restrict logging in through mobile phone authentication.
EJ SONG
US ASIA JOURNAL
