All femtocells supplied to KT have been found to use identical certificates. This enabled hackers to simply copy the certificate and access KT's network using illegal femtocells. In addition, circumstances were found indicating that KT knew about malware infections last year but attempted to conceal the breach itself by failing to report it.
The public-private joint investigation team looking into the unauthorized micro-payment incidents at KT announced these findings on Nov. 6 with the release of its interim investigation results. The team was formed and has been working since September, when it was discovered that illegal devices not registered with KT had accessed the internal network. In the course of that work, the team announced on the 17th of last month that micro-payment damages affecting 368 people and totaling 243.19 million won had occurred.
This time, the investigation team examined KT's femtocell management system to identify the causes of the breach. The results confirmed that every femtocell supplied to KT uses the same certificate. In that situation, simply copying the relevant certificate is enough to let an illegal femtocell access KT's network. KT's certificates are issued with a validity period of 10 years, meaning that a femtocell that has accessed KT's network even once can keep accessing it indefinitely. In addition, femtocell manufacturers passed critical information installed on the femtocells, such as cell IDs, certificates, and KT server IPs, to production subcontractors that had no security management systems, and that information could easily be identified and extracted from the femtocells' storage devices.
KT was not blocking irregular IPs, such as other companies' or overseas IPs, during femtocell access authentication on the internal network, and it was also not verifying whether configuration information such as the femtocell's product serial number and installation location matched the information registered on KT's network. Accordingly, the investigation team has taken measures requiring KT to issue a separate certificate for each femtocell unit.
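As an added illustration, not code from KT or from the investigation team, the following Python sketch shows the kind of admission check a femtocell gateway could apply to close the gaps listed above: a certificate fingerprint bound to more than one registered device is refused (the shared-certificate problem), certificate lifetime is capped, the source address must fall inside operator-owned ranges, and the serial number and installation region the device reports must match its registration. The registry, address blocks, fingerprints, and the two-year lifetime cap are all constructed assumptions for the example.

```python
"""Femtocell admission checks modelled on the findings described above.

Added example, not KT's or the investigation team's code. Every device
record, fingerprint, IP range and policy value here is constructed.
"""
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import ipaddress

# Policy assumption: refuse certificates valid for longer than two years.
MAX_CERT_LIFETIME = timedelta(days=2 * 365)

# Constructed operator-owned address blocks femtocells may connect from.
ALLOWED_NETWORKS = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
]


@dataclass(frozen=True)
class Registered:
    serial: str
    cert_fingerprint: str  # SHA-256 hex of the certificate issued to this unit
    install_region: str


@dataclass(frozen=True)
class Attempt:
    serial: str            # serial the device reports in its configuration
    cert_fingerprint: str  # fingerprint of the certificate it presented
    not_before: datetime
    not_after: datetime
    source_ip: str
    reported_region: str


def shared_fingerprints(registry):
    """Fingerprints bound to more than one device; a per-device PKI has none."""
    counts = Counter(r.cert_fingerprint for r in registry)
    return {fp for fp, n in counts.items() if n > 1}


def admit(attempt, registry, now):
    """Return the list of rejection reasons; an empty list means admit."""
    reasons = []
    if attempt.cert_fingerprint in shared_fingerprints(registry):
        reasons.append("certificate shared by several devices")
    else:
        by_fp = {r.cert_fingerprint: r for r in registry}
        rec = by_fp.get(attempt.cert_fingerprint)
        if rec is None:
            reasons.append("certificate not registered")
        else:
            if rec.serial != attempt.serial:
                reasons.append("serial does not match registered device")
            if rec.install_region != attempt.reported_region:
                reasons.append("install location does not match registration")
    if not (attempt.not_before <= now <= attempt.not_after):
        reasons.append("certificate outside validity period")
    if attempt.not_after - attempt.not_before > MAX_CERT_LIFETIME:
        reasons.append("certificate lifetime exceeds policy")
    ip = ipaddress.ip_address(attempt.source_ip)
    if not any(ip in net for net in ALLOWED_NETWORKS):
        reasons.append("source address outside operator ranges")
    return reasons


NOW = datetime(2025, 11, 6, tzinfo=timezone.utc)

# Constructed registry. FC-0003 and FC-0004 model the "before" state in
# which two units were provisioned with the same certificate.
REGISTRY = [
    Registered("FC-0001", "aa" * 32, "Seoul"),
    Registered("FC-0002", "bb" * 32, "Busan"),
    Registered("FC-0003", "cc" * 32, "Daegu"),
    Registered("FC-0004", "cc" * 32, "Incheon"),
]


def demo():
    """Three constructed connection attempts: legitimate, copied cert, shared cert."""
    legit = Attempt("FC-0001", "aa" * 32, NOW - timedelta(days=30),
                    NOW + timedelta(days=335), "203.0.113.10", "Seoul")
    # A unit presenting FC-0001's certificate but its own serial.
    copied = Attempt("FC-9999", "aa" * 32, NOW - timedelta(days=30),
                     NOW + timedelta(days=335), "203.0.113.11", "Seoul")
    # A unit using the fleet-wide certificate, with a 10-year lifetime,
    # connecting from outside the operator's ranges.
    cloned = Attempt("FC-0003", "cc" * 32, NOW - timedelta(days=365),
                     NOW + timedelta(days=9 * 365), "192.0.2.77", "Daegu")
    return (admit(legit, REGISTRY, NOW),
            admit(copied, REGISTRY, NOW),
            admit(cloned, REGISTRY, NOW))


if __name__ == "__main__":
    for label, reasons in zip(("legit", "copied", "cloned"), demo()):
        print(label, "->", "admit" if not reasons else reasons)
```

The check returns every reason that applies rather than stopping at the first, which is what an operator wants for triage: a device that fails only the serial match looks like a copied certificate on a single unit, while one that fails the shared-fingerprint, lifetime, and address checks together points at the fleet-wide provisioning problem.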
In addition, it was found that whoever controlled an illegal femtocell could decrypt KT's end-to-end encryption. KT uses segment encryption between terminals and base stations and end-to-end encryption between terminals and the core network, in line with standards recommended by the international standardization organization 3GPP and the Telecommunications Technology Association (TTA). However, with end-to-end encryption disabled, illegal femtocells appeared able to obtain authentication information (ARS, SMS) in plain text. The investigation team plans to determine, through expert consultations and additional experiments, whether illegal femtocells can intercept not only payment authentication information but also text messages and voice calls.
Meanwhile, the investigation team confirmed that malware breaches including BPFDoor occurred at KT between March and July of last year, and that KT handled them internally without reporting them. The team is also examining KT's delayed reporting: after receiving notification from police on September 1st about unauthorized micro-payments in specific areas, KT found abnormal communication call patterns related to the unauthorized micro-payments on its internal network, implemented blocking measures, and only then submitted its reports late. The investigation team stated, "We view this matter with the utmost gravity and plan to fully clarify the facts and request appropriate measures from the relevant agencies."