 |
Photo courtesy of Yonhap News |
[Alpha Biz= Paul Lee] LG Uplus is facing growing user concerns after it was revealed that its SIM card design allows subscribers’ phone numbers to be inferred from their IMSI (International Mobile Subscriber Identity).
The controversy stems from LG Uplus’ IMSI structure, which follows a legacy format combining country code, carrier code, and phone number. Unlike other telecom operators such as SK Telecom and KT—which have adopted randomized or encrypted IMSI formats—LG Uplus retained an older system after transitioning directly from 2G to LTE, bypassing 3G standards that recommended stronger security measures.
As a result, the IMSI could be more easily inferred even by non-experts, raising concerns about potential misuse. Critics warn that such exposure could enable phishing attacks or allow malicious actors to track user activity by linking IMSI data with phone numbers.
In response, LG Uplus announced that it will randomize its IMSI system and begin offering free SIM card replacements starting April 13.
While the current system does not violate international standards or domestic laws—and IMSI is not subject to mandatory encryption under Korea’s Personal Information Protection Act—security concerns persist, particularly following past incidents where hackers exploited identifiers such as IMSI and IMEI to intercept communications.
The issue has also prompted swift action from lawmakers. Rep. Choi Min-hee, chair of the National Assembly’s Science, ICT, Broadcasting and Communications Committee, has proposed a revision to the Telecommunications Business Act to require clearer regulations on identifier systems, aiming to strengthen oversight and security standards beyond voluntary industry practices.
Alphabiz Reporter Paul Lee(hoondork1977@alphabiz.co.kr)
