Sign in Subscribe
By Ian Werther in News

LG Uplus to randomize IMSI, offer SIM replacements amid privacy concerns

LG Uplus has found that during the design of the IMSI system used to identify subscribers, the IMSI value reflected actual phone numbers, creating security concerns. The company says the issue did not violate current regulations, but it plans to address the risk by offering SIM reconfiguration or replacement to selected customers starting on the 13th of next month.

IMSI, or International Mobile Subscriber Identity, is a 15-digit number stored on a SIM card and used by mobile operators to identify a subscriber. It includes a country code, operator code, and a subscriber number. By contrast, SK Telecom and KT have reportedly used random numbers for the subscriber portion rather than actual phone numbers. The difference traces back to how LG Uplus historically operated: it used a CDMA network, in which the device’s unique ID was registered directly in the operator’s system, tying phone numbers to subscriber data. LG Uplus ended CDMA service in 2021.

Security experts note that IMSI alone is not enough to facilitate a hacking attack; a attacker would still need other identifiers such as the device’s IMEI and the SIM’s authentication keys. Still, leaving a personal identifier like a phone number embedded in IMSI for long periods can raise privacy and profiling concerns when coupled with other data, and could raise risks if information is exposed or misused.

The Ministry of Science and ICT, Korea Internet & Security Agency (KISA), and the National Assembly’s Science, ICT, Broadcasting and Communications Committee have held two meetings with LG Uplus to discuss measures, reflecting government concern about how subscriber identities are managed and protected.

LG Uplus plans to introduce IMSI randomization as part of its security improvement. Starting next month, it will offer SIM reconfiguration or replacement for customers who opt in. In November, the company will roll out a software update to enable IMSI changes without a physical SIM swap. In 5G SA mode, the IMSI will be encrypted to strengthen protection of customer information, according to LG Uplus.

LG Uplus’ chief technology officer, 이상엽, said the current IMSI system complied with international standards and that encrypting IMSI in 5G SA will raise the level of customer privacy protections. He described the steps as a proactive move to tighten identity protection even as mobile networks evolve.

For international readers, the case matters beyond Korea because mobile networks worldwide rely on subscriber identifiers and SIM-based trust. The year’s security incidents in Korea—such as a large SIM data leak reported by SK Telecom, widespread unauthorized charges at KT, and LG Uplus account-management concerns—underscore ongoing vulnerabilities in mobile identity and payment systems. As U.S. carriers and regulators scrutinize privacy, data protection, and cross-border security traits of roaming, eSIM adoption, and next-generation networks, Korea’s approach offers a concrete example of how operators are reconfiguring identity data to reduce risk while maintaining service continuity.

Subscribe to Journal of Korea

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe