On the 18th, LG Uplus announced that it is checking the security vulnerabilities of all its services while conducting 'black box penetration testing' with the offensive security specialist, Nkey White Hat, for eight months.
Black box penetration testing is characterized by the fact that the corporations requesting the inspection do not provide any information related to security and that it is conducted without separate scenarios. Typical penetration testing is carried out by agreeing on specific conditions or situations with the company.
This black box penetration testing by LG Uplus is expected to allow for the identification of vulnerabilities and enhancement of the overall security system level, as white hat hackers will utilize all available methods from the perspective of external attackers to attempt to infiltrate their services.
LG Uplus has been conducting black box penetration testing since last November. Until the first half of this year, it will undergo inspection by a group of white hat hackers for about eight months. The inspection will not be limited to specific areas, targeting all services of LG Uplus that can be accessed externally via the internet.
Through this record-length and largest penetration testing project, LG Uplus aims to identify security gaps latent in its services. Specifically, the key is to determine whether hackers can access the internal network in ways that LG Uplus did not anticipate and seize servers or extract important information such as personal data or company secrets.
During the penetration testing period, LG Uplus plans to jointly inspect and remediate the service vulnerabilities identified with Nkey White Hat. Through this, it aims to proactively eliminate security threats and utilize important capabilities in responding to actual cyberattack situations.
LG Uplus has been operating a bug bounty program since the second half of last year, where anyone who discovers and reports security vulnerabilities in the company will receive a reward. At the end of last year, it established a 'Privacy Center' for systematic personal data management.
Hong Kwan-hee, Chief Information Security Officer/Chief Privacy Officer at LG Uplus, noted, 'As the use of AI increases, customers' anxiety about security is also growing.' He added, 'We will continue to strengthen our information security capabilities to become a company that provides services customers can use with confidence.'