[Editor's note] Unauthorized small-amount charges to KT subscribers are continuing. Triggered by a new hacking method not previously known in Korea, an unregistered base station connected to the network and induced payments. We examine the structural vulnerabilities in telecom infrastructure security that caused this incident and the consumer responses needed to prevent further damage.
A hack of the femtocell network, or ultra-small base stations, is suspected as the cause of the recent unauthorized microcharge incident at KT. While this is a new hacking method in Korea, cases have been observed overseas. Experts had warned of security vulnerabilities in femtocell network hacking for more than 10 years, but there are also suspicions that KT failed in its initial response by leaving itself defenseless.
KT said on the 11th that the personal information of 5,561 subscribers was leaked through an "unregistered ultra-small base station (ghost base station)," identified as the cause of the unauthorized microcharge incident. Ultra-small base stations, known as femtocells, provide communications within a 10-meter radius. There are two ways to hack femtocells: directly hacking femtocells already operated by a telecom company, or newly installing femtocell equipment and then hacking the existing telecom network to connect it. KT currently claims that its network was hacked by the latter method. KT operates 157,000 femtocells, the largest among the three telecom companies. SK Telecom operates 7,000 units, and LG Uplus operates 28,000.
In Korea, where small-amount payments can be made by mobile phone, femtocell hacking led directly to monetary damage, but overseas it is mainly used for sending illegal messages or smishing crimes. On Apr. in Japan, an unidentified hacker mounted an unregistered ultra-small base station on a vehicle and drove around downtown Tokyo and Osaka, sending messages to nearby people using mobile phones for phishing, saying their "bank accounts have been frozen."
In Aug. last year in Thailand, a group that installed unregistered ultra-small base station equipment in a vehicle and drove around the city sending smishing texts to nearby users was arrested by police. On the 9th, Switzerland's National Cyber Security Centre (NCSC) said, "There has been a surge in reports of spam texts impersonating parking fine notices in western Switzerland, and what stands out is that victims actually visited those locations," adding, "This is interpreted as indicating that criminals used a small ghost base station that can be carried in a backpack to intercept signals and send manipulated messages."
Femtocell hacking is a new method in Korea, but it is already common overseas. The method first became known in 2013 when security experts hacked a femtocell from Verizon, the largest U.S. telecom company. They demonstrated the process of intercepting calls, text messages, and internet usage data from smartphones connected after hacking Verizon's femtocell equipment.
Verizon fixed the vulnerability based on advice from security experts, but the case served to widely publicize the weaknesses of femtocell security. At the time, security expert Chris Eng (former vice president at the app security analysis firm Veracode) said, "If someone installs an illegal femtocell for the purpose of hacking, there is a possibility of intercepting the telecom network," highlighting the dangers of femtocell hacking. Around the same time, researchers at the U.S. security company iSEC Partners also warned, "If you hack a femtocell, you can view users' text messages and even eavesdrop on call content."
In Korea as well, there was research about 10 years ago on the risks of femtocell hacking. In 2014, a KAIST research team detected several security vulnerabilities, including exposure of passwords that only administrators can access, if a hacker compromises a femtocell. According to the industry, the three telecom firms, including KT, were informed of these findings by the KAIST team. On this, KT said, "We cannot answer because it has not yet been confirmed."