 |
Photo courtesy of Yonhap News |
[Alpha Biz= Kim Young Taek] LG Uplus has come under fire after acknowledging vulnerabilities in its subscriber identity (IMSI) system and launching a large-scale network overhaul, raising concerns that its 5G services were effectively operating on outdated, 2G-level security standards.
According to the office of Rep. Kim Jang-gyeom of the People Power Party on March 27, LG Uplus is currently revamping 257 units of equipment across 16 systems, including customer databases, voice call processing, and USIM activation infrastructure.
At the center of the controversy is the company’s longstanding use of IMSI—a unique subscriber identifier—linked to phone numbers. Despite being a critical piece of encrypted security data, LG Uplus reportedly generated IMSI based on mobile numbers, potentially exposing users to risks of data inference or interception by third parties.
Industry observers criticized the practice as a legacy issue stemming from the company’s decision to skip 3G deployment and move directly to LTE, retaining outdated 2G-era systems for cost efficiency.
While LG Uplus maintains that its previous system did not violate regulations, security experts argue that the company prioritized operational convenience and cost savings over fundamental user privacy protections.
The overhaul is expected to impose significant inconvenience on consumers. Approximately 4.4 million users are subject to USIM replacement or reconfiguration, yet initial supply levels fall short, raising concerns over potential shortages and disruptions at retail locations.
The upgrade also includes the introduction of SUCI (Subscription Concealed Identifier), an encryption-based identifier used in 5G standalone (SA) networks. Although LG Uplus has framed this as a major security enhancement, critics note that it merely brings the company in line with baseline modern telecom security standards.
Subscribers of mobile virtual network operators (MVNOs) using LG Uplus infrastructure are also affected, further expanding the scope of disruption.
Yoon Yong-pil, a visiting professor at Hankuk University of Foreign Studies, told AlphaBiz that “security is an area that requires proactive investment before incidents occur,” adding that LG Uplus had neglected the issue for over a decade under the pretext of “structural limitations.” He also warned that the company’s plan to complete the overhaul by April could lead to additional quality issues or errors due to the tight timeline.
Alphabiz 김영택 기자(sitory0103@alphabiz.co.kr)
