Further discussion is needed on the retroactive period and scope of KT's penalty fee waiver.
Vice Minister Ryu Je-myeong of the Ministry of Science and ICT said this at a briefing on the final investigation results of the hacking incidents at KT and LG Uplus, held on the 29th at Government Complex Seoul.
The Vice Minister said, "For this incident, we concluded that a penalty fee waiver is needed for all KT users. The retroactive period and scope of the penalty fee waiver will be decided based on KT's own judgment and the government's legal advice," and added, "As SK Telecom decided to waive penalty fees after a similar incident, KT will also make an appropriate decision that minimizes customer inconvenience and meets public expectations."
According to the Ministry of Science and ICT, due to illegal femtocells (small base stations), KT leaked the International Mobile Subscriber Identity (IMSI), International Mobile Equipment Identity (IMEI), and phone numbers of 22,227 subscribers, and 368 customers suffered unauthorized small payments totaling 243 million won. The Vice Minister explained, "KT used the same certificate for femtocells, allowing illegal femtocells to easily access the internal network," and "KT set the certificate validity period to 10 years, enabling illegal femtocells to access the internal network for a long time, which exposed personal information to the risk of theft."
Lee Dong-geun, head of the Digital Threat Response Bureau at the Korea Internet & Security Agency (KISA), said, "KT had clear security vulnerabilities in certificate management for femtocells, security for outsourced manufacturers, and management of abnormal IP access," and added, "As a result, it was revealed that 43 servers infected with malware such as BPFDoor were handled internally without reporting." He continued, "KT is currently drawing up recurrence prevention measures to strengthen security," and added, "The government will review them and require additional security steps."
The same day, the Ministry of Science and ICT set out clear criteria for imposing a business suspension penalty. The Vice Minister said, "If issues arise related to SIM card replacement for existing subscribers, the government must take appropriate measures such as business suspension. However, in KT's case, because the hacking incident did not confirm a situation that required SIM replacement, no separate business suspension was imposed."
Choi Woo-hyeok, director general of the Network Policy Office at the Ministry of Science and ICT, said, "In SK Telecom's case, suspending new sales was a measure to avoid hindering SIM card replacements for existing subscribers when the situation required a focus on SIM replacement," and added, "For KT, we have so far determined that SIM replacement is not necessary, so no business suspension was imposed."
Security issues with iPhone devices were also mentioned. Director General Lee said, "On iPhone 16 and earlier models, end-to-end encryption was not properly applied, creating a risk of information theft via illegal femtocells," and explained, "KT recognized the issue, strengthened settings to prevent end-to-end encryption from being disabled, and is enhancing monitoring to prevent a recurrence." He added, "Samsung Galaxy devices have encryption enabled by default, but settings may differ on some devices purchased overseas (Galaxy) or distributed in other regions."
The Ministry of Science and ICT also announced the results of its investigation into the LG Uplus hacking incident. The Vice Minister said, "To confirm evidence of breaches such as information leakage, we sought to conduct forensic and other in-depth analyses of the relevant servers, but a smooth investigation was impossible due to operating system (OS) reinstallation or server disposal," and added, "Considering that the server disposal and other actions occurred after KISA notified LG Uplus of indications of a breach on Jul. 19, we requested an investigation by the Korean National Police Agency on suspicion of obstruction of official duties by deception."