SKT, Free SIM card replacement begins…Fundamental measures needed for repeated personal information leaks

On the 25th, at SKT Tower in Jung-gu, Seoul, SK Telecom CEO Yoo Young-sang bows to apologize for the hacking of the user Usim (USIM) information management server (Source: News1)

SK Telecom has started free Usim (USIM) replacement from the 28th as a reaction to the personal information leak incident. Amidst the increasing confusion due to the surge in replacement demand, spam messages targeting this are on the rise, further increasing user anxiety.

SKT currently holds a stock of about 1 million Usim and plans to expand it to 5 million by the end of May. The company emphasized, "It is possible to protect personal information just by subscribing to the Usim protection service and blocking abnormal authentication attempts," and announced that they would provide 100% compensation if damage occurs even after subscribing to the protection service.

However, criticism has also arisen regarding the sudden push for Usim replacement in a situation where even the scale of damage is not clearly revealed. The acknowledgment of the seriousness of the situation through Usim replacement while separately highlighting the Usim protection service has been pointed out as a response to minimize the cost burden.

Despite SKT's measures, concerns about secondary damage targeting financial apps or cryptocurrency exchange apps are not subsiding. Criticism is resurfacing that fundamental structural improvements have not been made even after the 'Sim Swapping' incident that occurred two years ago. At that time, the joint certificate stored in Usim was misused during account opening and financial authentication processes, causing massive damages.

Accordingly, the assertion that the entire authentication system must be fundamentally reorganized beyond merely replacing the Usim is gaining strength. Professor Jang Hang-bae of the Department of Industrial Security at Chung-Ang University emphasized, "User measures such as setting Usim passwords or blocking foreign communication have fundamental limitations as clone Usim hacking techniques become more sophisticated," and "Structural change and technical supplementation of the Usim-based authentication system as a whole are urgent."