[Editor's note] Unauthorized small-amount payment losses among KT subscribers continue. In a previously unknown hacking method, an unregistered base station connected to the network and induced payments. We examine the structural vulnerabilities in telecom infrastructure security that led to this incident and the steps consumers can take to prevent further damage.

Graphic = Son Min-gyun

"It makes me uneasy that money could be withdrawn at any time without my knowledge."

A person surnamed Kim (56), who has used KT for more than 20 years, said this. Not only Kim but also subscribers of the three mobile carriers, including SK Telecom and LG Uplus, feel uneasy, saying they too could become victims of the recent KT small-amount payment incident. Although an illegal micro base station (femtocell) has been identified as the cause of this incident, the exact sequence of events and the method of the crime have not been confirmed. We compiled a Q&A with advice from the government, experts, and KT to prevent additional small-amount payment damage.

- What is the timeline of this incident?

From the 1st to the 4th, 278 cases of unauthorized small-amount payments (about 170 million won in losses) were confirmed, centered around the Gwangmyeong area of Gyeonggi Province. An unapproved femtocell is suspected as the cause. KT and the government believe that illegal equipment accessed KT's network without authorization and intercepted signals from about 19,000 devices. Among them, the IMSIs of 5,561 people were leaked, and 278 people have suffered monetary losses so far. An IMSI is a unique subscriber number stored on the USIM (subscriber identity module) and is sensitive information that can be abused for crimes such as phone cloning.

- Is there a possibility of additional damage?

As the investigation is still underway, neither KT subscribers nor other carriers' subscribers can rest assured yet. KT completely restricted new micro base stations from connecting to the network starting at 9 a.m. on the 9th. The government requested that SK Telecom and LG Uplus block connections as well. However, the illegal equipment has not yet been found, and it has not been confirmed how the perpetrator passed the small-amount payment ARS authentication, which requires personal information such as date of birth. Subscribers need to conduct their own checks.

- How can people prevent damage?

It is recommended to lower the limit for small-amount payments as much as possible. Completely blocking small-amount payments is another option. However, at present, once a subscriber applies to block small-amount payments at the source, carriers do not allow the service to be used again until the number is ported. This is because carriers have offered source blocking to subscribers who want to keep small-amount payments from being used in crimes. To reduce inconvenience, it is safer to contact customer service and adjust the small-amount payment limit.

In addition, you can use biometric authentication services. Because biometric authentication encrypts and stores authentication information on the device (smartphone) itself, information is not sent to external servers. Starting on the 12th, KT will allow only biometric authentication through the electronic document authentication service PASS app as a means of small-amount payment authentication.

You can also subscribe to the USIM protection service provided by carriers. The USIM protection service handles cases in which a USIM is inserted into a device other than the one verified under your name, or it binds the device and USIM information together and manages them as one. Even if someone else steals only the USIM information and applies it to another device, they cannot access the service.

- Where should people report if they suspect damage?

You should check small-amount payment records through your carrier's customer center or dedicated app. The dedicated apps are T World for SK Telecom, My KT for KT, and Your U+ for LG Uplus. If suspected damage is confirmed, report it immediately to the mobile carrier and the payment gateway. If necessary, you can file a police complaint after securing supporting documents. KT operates a 24-hour dedicated customer center (080-722-0100).

- How can people prevent secondary damage such as smishing or voice phishing?

Criminal groups may approach subscribers with false claims that information has been leaked. KT is currently identifying and contacting victims. However, it is providing only guidance on blocking small-amount payments at the source and on subscribing to the USIM information service. If the caller mentions keywords such as "refund" or "compensation for damages," it is highly likely to be a scam. Do not comply if someone tries to steal personal information or urges you to install an app under the pretext of checking your mobile phone small-amount payment damage.

※ This article has been translated by AI.