As controversy over the security of LG Uplus' subscriber identity number (IMSI) design spreads into an issue of "replacing all customers' SIMs," some are saying the government should move to halt new subscriptions. However, inside and outside the industry, the prevailing view is that it is unlikely to lead to a strong administrative measure that actually suspends new subscriptions.
According to the industry on the 25th, the Ministry of Science and ICT gave an in-person briefing to People Power Party lawmaker Kim Jang-kyom's office on the 20th regarding the "LG Uplus IMSI design security controversy," and said it could consider suspending new subscriptions for LG Uplus by referring to the precedent of SK Telecom's suspension of new subscriptions.
At the heart of the controversy is that LG Uplus has long used an IMSI scheme that reflects customers' phone number information. IMSI is a subscriber identity number used when a device first connects to a mobile network and is typically designed on a random-number basis so that, even if the identifier is captured externally, it is difficult to link it directly to a specific individual. However, among the three major carriers, only LG Uplus is understood to have operated a different scheme.
LG Uplus announced follow-up measures to support SIM replacement or software security updates for all customers starting on the 13th of next month. The Ministry of Science and ICT estimates the target at up to 17 million people, including about 11 million LG Uplus subscribers, 1.5 million second-device lines, and 4 million to 5 million budget phone lines. Even by user scale alone, the impact is significant.
LG Uplus began an internal review after SK Telecom's hacking incident in April last year and is said to have internally recognized around June of the same year the need to randomize its IMSI scheme. The company says that based on this, it has been preparing software security updates and SIM replacements since the second half of last year. However, some in the industry note it is somewhat contradictory for a company that has prepared follow-up measures for more than half a year to say it needs time until the 13th of next month due to issues such as linkage and integration with existing systems.
As user inconvenience and confusion are unavoidable, there is a growing call to temporarily block new subscriptions. Since the problematic IMSI method will remain in place until mid-next month, new subscribers at this point could face the double burden of having to replace their SIMs again.
But the general view in the industry is that it will not be easy for the government to take the drastic step of actually suspending new subscriptions. This is because there is no clear mandatory provision in current laws on how the 10-digit IMSI should be designed. It is difficult at this stage to definitively deem it illegal in a matter close to the operators' autonomous domain. Many also assess that the SK Telecom case and the LG Uplus matter are different in nature. In SK Telecom's case, an actual hacking-driven SIM information leak coincided with a shortage of SIM stock, leading the government to demand a halt to new subscriptions. In contrast, for LG Uplus, the core issues are the appropriateness of the IMSI design and security concerns, and the burden on new subscribers to replace their SIMs again.
The market expects that, apart from this controversy, LG Uplus' financial statements will not be significantly shaken immediately. On the 19th, Korea Ratings raised LG Uplus' credit rating to AA+ from AA, saying that while it is necessary to confirm the impact of factors such as SIM replacement expense, considering competitors' prior cases and an expanded subscriber base, the likelihood of a sharp deterioration in financial fundamentals is low.
The key is whether the government will actually take administrative action to suspend new subscriptions or will adjust its response while watching LG Uplus' SIM replacement and remote update plans. A Ministry of Science and ICT official said, "There are differences from the SK Telecom case, where a specific hacking incident occurred and SIMs were in short supply," adding, "In the current situation, my understanding is that we are not at a stage of specifically reviewing a suspension of new subscriptions for LG Uplus."