[Alpha Biz= Reporter Lee Joonhyun] Seoul, January 9, 2026 – SK Telecom’s SIM reset service, introduced after last year’s massive personal data breach, is facing renewed scrutiny as questions arise over its actual security effectiveness.

In the 2025 cyberattack, personal information of approximately 23 million subscribers—including phone numbers, International Mobile Subscriber Identities (IMSI), and SIM authentication keys—was compromised. In response, SK Telecom advised hundreds of thousands of subscribers to replace or reset their SIMs, claiming that SIM resets offered the same security protection as physical SIM replacements.

 

 

 

However, at the recent 39C3 security conference in Germany, a research team from Berlin University of Technology presented findings suggesting that authentication keys remained unchanged after SIM resets, potentially allowing eavesdropping.

Dr. Shinjo Park and his team analyzed authentication tokens before and after the SIM reset and found that while the IMSI changed, the authentication key stayed the same. Because subscriber authentication relies on shared keys between the SIM and network, the unchanged keys mean that SIM duplication could still be possible if the IMSI is known, posing a risk of secondary breaches. Dr. Park described SIM resets as a temporary measure that merely buys time, rather than providing complete protection.

SK Telecom had introduced the SIM reset solution in May 2025, asserting it effectively updated network authentication information and offered the same protection level as physical SIM replacement. The German findings challenge this claim, raising concerns that eavesdropping could be technically feasible in LTE environments where IMSIs are transmitted in plain text.

 

Professor Yeom Heung-yeol of Soonchunhyang University’s Department of Information Security stated, “If the authentication key does not change during a SIM reset, it represents a technical flaw in SK Telecom’s system.” He emphasized that with leaked keys, decrypting voice communications could be possible.

SK Telecom responded, noting that “the initial issues with authentication keys were identified and addressed, and the SIM reset service has since been updated, so there are currently no problems.”

The research highlights the need for transparency and verification of security measures, especially when companies publicly assure customers of protection levels.

 

 

 

[ⓒ 알파경제. 무단전재-재배포 금지]