KT Draws a Line on Claims of "PASS Hacking" and Expanding Affected Areas

Yonhap News Agency

원본보기 아이콘

Despite KT's explanation regarding the unauthorized small payment hacking incident, the controversy shows no signs of subsiding. Claims have emerged that additional areas have been affected, and suspicions have even been raised about whether the telecommunications companies' PASS authentication system was hacked. This has led to criticism that KT may still be underestimating the seriousness of the situation. Previously, KT denied any security issues, stating, "PASS authentication was functioning properly, and the damages occurred due to ARS authentication information theft." Regarding newly reported affected areas such as Dongjak, Seocho, and Ilsan, which surfaced during a National Assembly briefing, KT explained, "These are only estimated locations based on base station signals and cannot be confirmed as the actual areas where damages occurred."

According to KT and other sources on the 22nd, some victims of unauthorized small payment transactions have claimed, "There are PASS authentication records under my name that I did not initiate." They explained that even though they had not made any payments themselves, authentication logs showed approval records through the PASS application under their own names. As such testimonies surfaced, suspicions arose that the authentication system itself may have been hacked.

PASS is a private electronic authentication service jointly operated by mobile carriers including KT, SK Telecom, and LG Uplus. The app allows users to easily verify their identity using only password, fingerprint, iris, or facial biometric authentication.

원본보기 아이콘

However, KT drew a clear line. The company stated, based on internal log analysis and verification of victim cases, "In the cases in question, the victims did in fact make legitimate payments through the PASS app." However, KT explained that during the subsequent ARS authentication process, the authentication information was stolen by a third party, resulting in unauthorized payments. There was no evidence found that PASS itself had been hacked. KT emphasized, "PASS is a secure authentication method jointly operated by the three telecommunications companies and recommended by the government. We conducted double and triple internal checks, but it was confirmed that this was not a hacking incident."

Contrary to KT's explanation that the affected areas were limited to parts of southern Gyeonggi Province, there are claims that the actual scope of damage is wider. Hwang Jungah, a member of the National Assembly's Science, ICT, Broadcasting and Communications Committee from the Democratic Party of Korea, stated on the 21st, based on materials submitted by KT, that areas where small payment hacking occurred according to authentication time included not only the previously known Gwangmyeong and Geumcheon, but also Seoul's Seocho and Dongjak districts, as well as Ilsandong-gu in Goyang, Gyeonggi Province.

KT explained, "It has not been confirmed that the actual number of affected areas has increased." The company argued that the regions listed in the National Assembly report at the time were 'estimated locations,' not the actual places where damages occurred. Since the location is displayed based on the base station signal to which the mobile phone was connected at the time of payment or authentication, it may differ from the actual site of the illegal activity.

A KT official explained, "Dongjak, Seocho, and Ilsan, as indicated in the report, refer to the locations of the base stations to which the mobile phone was connected at that time, rather than the actual places where payments occurred." For example, even if a victim suffered payment damage in Gwangmyeong, if their phone was connected to the Dongjak base station while moving, the record could show 'Dongjak-gu damage.' The official added, "Since the base station can change frequently during call initiation or termination, or when the phone is powered off and on, the location in the log may differ from the actual site of damage. To confirm the facts of the damage, not only the location record but also evidence of illegal wireless device access, records of small payment transactions, and confirmation that the payment was unauthorized by the user are all required."

원본보기 아이콘

However, despite KT's explanation, suspicions remain. In particular, there are criticisms that the root cause of the incident, which has persisted for nearly a month, has not been sufficiently identified. There are growing calls for KT to release more transparent and detailed investigation results. At the National Assembly Science, ICT, Broadcasting and Communications Committee meeting scheduled for the 24th, a hearing on this hacking incident will be held, with KT executives appearing as witnesses.

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.