Sign in Subscribe
By Ian Werther in News

LG Uplus begins free USIM replacements amid IMSI concerns; rivals use random IMSI.

LG Uplus said on April 17 that it will begin free USIM replacements for all customers, starting with April 13. The program also covers customers of MVNOs (alttel폰) that use LG Uplus’ network.

The move targets a security vulnerability tied to the IMSI, the International Mobile Subscriber Identity, used to identify mobile subscribers. LG Uplus explained that, in designing the IMSI, the values were set to reflect actual phone numbers, meaning someone who knows a user’s number could in theory map it to that user’s IMSI.

LG Uplus defended the approach by noting that authentication also relies on encrypted keys, which mitigate the risk of a security incident even if the IMSI is exposed. The company emphasized that the immediate issue is structural and administrative rather than an active breach.

Industry observers contrasted LG Uplus’s approach with rivals. SK Telecom (SKT) and KT (Korea Telecom) are said to manage IMSI values as independent random numbers, a practice viewed by some in the telecom sector as aligning with basic security principles in mobile networks. A telecom industry official cited the LG Uplus design as not meeting those fundamental security standards.

Airman 1st Class Gabriel Simches, 100th Communications Squadron cyber defense operator, is working towards utilizing mobile device management software on Air Force issued mobile devices to increase security, reduce risk of data compromise and reduce man hours within the squadron. (U.S. Air Force photo illustration by Senior Airman Brandon Esau)
Representative image for context; not directly related to the specific event in this article. License: Public domain. Source: Wikimedia Commons.

LG Uplus said the issue was identified following SKT’s SIM information leak last year, and that improvements have been underway since then. The company has described the replacement program as a comprehensive step to strengthen subscriber privacy across its network, including for MVNO users.

For U.S. readers, the story highlights ongoing concerns about how subscriber identities are managed on mobile networks and the potential privacy risks posed by IMSI design choices. It also underscores how major carriers and MVNOs, both in Korea and abroad, continually adjust security practices to protect customers and maintain trust in the reliability of mobile communications.

In practical terms, the policy matters beyond Korea because U.S. and global network operators rely on interoperable standards and security practices to protect billions of subscriptions. The episode touches on how carriers balance accessibility, cost, and privacy, and it may influence how future SIM architectures are designed and audited in international markets.

Subscribe to Journal of Korea

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe