“I can't trust KT, the ‘boy who cried wolf’”

Worries about cloned phones continue

2025-11-07     Kim Kwang-yeon

Concerns have been raised that cloned phones could be created, after KT was found to have concealed malware infections and neglected illegal femtocells. The government and KT stress that no authentication keys were leaked, but the security industry raises the possibility, based on the pattern of the micropayment damage, that authentication keys have already been transferred to outside parties.

KT's office building in Gwanghwamun, Seoul, on the 6th. / News 1

A joint public-private investigation team said in its first interim briefing on Wednesday that KT did not report the discovery of 43 servers infected with BPFDoor and web shells from March to July 2024. KT was also late in reporting the breach on two occasions, and the server disposal date it gave differed from the actual one. This is why distrust of the company over the cloned-phone issue is growing.

Earlier, KT confirmed that subscriber identification numbers (IMSI), device identification numbers (IMEI) and mobile phone numbers were leaked through 20 illegal femtocells. Among the affected subscribers, 368 people suffered a total of 243.19 million won (278,810 U.S. dollars) in micropayment damage. IMSI and IMEI are information that can be used as basic data in the process of creating cloned phones.

In this regard, KT claims that the authentication key needed to make a cloned phone was not leaked. The public-private joint investigation team also said that no leak of the authentication keys required for cloned phones has been confirmed. "We have yet to confirm the leakage of authentication keys required for simulation," said Lee Dong-geun, deputy head of the joint investigation team (Digital Threat Response Headquarters of the Korea Internet & Security Agency). "However, we will closely examine the connection with the additional discovery of malicious code servers."

On the other hand, the security industry points out that the very fact that hackers succeeded in making micropayments by intercepting encrypted text message (SMS) authentication suggests that authentication keys may have leaked. "KT continues to deny the possibility of leakage of authentication keys, but there is a possibility that authentication keys have already been released when looking at unauthorized micropayment patterns," a security industry official said on the condition of anonymity.

In light of the free USIM replacement for all customers, the National Assembly also judged that KT could not rule out the possibility of additional leaks of customer information. Lee Hoon-ki, a lawmaker of the Democratic Party of Korea, said at the parliamentary audit in October, "KT initially said that there was no problem because the authentication key value was encrypted, and that there was no need to replace USIM (suddenly)," and pointed out, "What does it mean?" The argument is that the company belatedly became aware of the authentication key leak and is replacing USIMs for that reason.

The joint investigation team will conduct further experiments and expert consultations on whether illegal femtocells can be used to steal text messages, phone calls and payment verification information. The judgment on whether cloned phones are possible may vary depending on the results of the investigation.
