November 27, 2025

KT Business


KT again in hot water with gov’t for covering up additional security lapses


A KT store is seen in Seoul on Nov. 6. [NEWS1]

 
The National Intelligence Service (NIS) had warned both KT and the government in September that text message encryption had been disabled on some KT smartphones, a vulnerability it deemed a major threat to national cybersecurity, but the telco tried to cover it up, according to the latest data revealed Thursday.
 
According to NIS data submitted to Rep. Choi Min-hee of the Democratic Party, the intelligence agency had officially alerted KT and the Ministry of Science and ICT after a probe revealed that text messages were not protected through end-to-end encryption, allowing them to be decrypted at intermediary servers.
 
 
The NIS launched the investigation after receiving a tip that “encryption could be disabled on certain KT smartphone models,” according to the lawmaker.
 
The International Organization for Standardization and the Telecommunications Technology Association recommend that telecom providers implement end-to-end encryption so that no server can access message content during transmission. However, the NIS found indications that this protection was disabled on certain KT devices. It did not specify which models were affected, the cause of the vulnerability or whether any data leaks had occurred.
 
A joint government-private investigation team is now examining whether the issue — based on the NIS’s findings — could also be reproduced across KT’s entire network and not just on specific smartphones.
 
KT is currently under government scrutiny for the so-called micro-payment hacking case in which attackers stole authentication information from victims’ text messages and voice response systems. Investigators suspect the hackers may have manipulated illegal base stations, known as femtocells, to disable encryption of SMS and ARS signals transmitted to KT’s core network. They believe the hackers then intercepted the messages in plain text to bypass authentication and make payments. The team said it technically verified this possibility and is now analyzing whether attackers could also access regular call and message data.
 


 
Separately, documents submitted to Choi by the Ministry of Science and ICT revealed a related issue. KT became aware of an infection by the BPFdoor malware in March last year but only confirmed the breach a month later in April. It then requested a vaccine update from Taiwan-based cybersecurity firm Trend Micro. Although Trend Micro publicly reported that a Korean telecom provider had been targeted, it withheld the name of the company, citing client confidentiality.
 
KT is now facing accusations that it intentionally covered up the incident. “In light of the NIS’s encryption vulnerability report, it appears KT failed to transparently disclose the BPFdoor infection and responded passively to the agency’s notice,” said Choi’s office.
 
Among the 43 infected servers, some reportedly contained subscriber data. KT explained that its detection and response to the BPFdoor attack occurred between April and July of last year, which differs from the timelines cited in Trend Micro’s July and December reports. KT also told the ministry that there were “no cases of damage,” claiming that while breaches occurred, no concrete evidence of harm was found.
 
At the core of the issue is whether KT’s reporting and disclosure of the malware attack were sufficiently clear and timely. If servers containing subscriber data were indeed compromised, the company could be held accountable for failing to promptly disclose and mitigate the risks.
 
Choi reiterated that she would hold KT’s leadership accountable. The joint investigation team continues to probe whether there is a causal link between the encryption vulnerability and the hacking incidents, and whether any data leaks or damage actually occurred.

This article was originally written in Korean and translated by a bilingual reporter with the help of generative AI tools. It was then edited by a native English-speaking editor. All AI-assisted translations are reviewed and refined by our newsroom.
BY JEONG JAE-HONG

