On April 28, SK Telecom began offering a free SIM card replacement service. In a store in central Seoul, an SK Telecom employee is seen replacing a SIM card.
SK Telecom addressed the security concerns related to SIM cards that have arisen following a recent server hacking incident. They reassured the public that “There is no risk of asset theft even if the leaked information is used to duplicate a SIM card,” and emphasized the importance of subscribing to the SIM protection service.
In a press release titled “Clarifying Misconceptions about SIM Cards,” SK Telecom stated its intention to correct inaccuracies and provide accurate information regarding their technical measures related to SIM cards.
According to SK Telecom, a SIM card contains information such as the International Mobile Subscriber Identity (IMSI) and the subscriber authentication key (Ki), which are used for identification and authentication of the subscriber. It also holds user-stored information like ‘Mobile T-money’ or certificates. The former is connected to the network, but the latter is not, and therefore is not related to the recent data breach.
The joint investigation team comprised of government and civilian members revealed that four types of SIM-related information, including subscriber phone numbers and IMSI, had been leaked in the hacking incident.
SK Telecom explained that the stolen SIM information only allows for the duplication of the SIM card. This duplication alone does not allow for the theft of bank or virtual asset accounts, nor does it permit the replication of public authentication certificates, as such information does not reside on the SIM card.
Additionally, SK Telecom noted that even if a hacker were to induce a phone reboot using a cloned SIM card and successfully perform SIM swapping, financial assets could not be stolen without further criminal activity, as the necessary personal information or passwords are missing.
The company also highlighted that subscribing to the SIM protection service, which blocks attempts to change the device with a duplicated SIM to another phone, can prevent related damages.
Furthermore, when replacing a SIM card, any certificates or information stored on it must be downloaded anew. SK Telecom also mentioned plans to implement a SIM initialization (formatting) in mid-May, which would require application reset and data backup.
The company added that a SIM card’s password serves as a security measure to lock the SIM, preventing unauthorized use if the SIM is stolen or physically taken, and that this function is unrelated to the recent incident.
(Photo: Yonhap News)