Latest news with #HomeSubscriberServer


Time of India
3 days ago
- Business
Telecom cyber resiliency: Lessons from a recent breach
By Arvind Khurana, Regional VP & Country Head for Cloud and Network Services at Nokia India

A few months ago, a sophisticated cyberattack quietly rocked the telecom industry in East Asia. The breach, which infiltrated the core network of a major operator, exposed one of the most sensitive components in telecom infrastructure: the Home Subscriber Server (HSS). This system, often described as the digital brain of mobile networks, stores critical user data—particularly from Universal Subscriber Identity Modules (USIMs). Once compromised, the attacker gained potential access to IMSI numbers, authentication keys, SMS metadata, contacts, and more.

The repercussions were far-reaching. With this level of access, malicious actors could theoretically clone SIM cards, launch identity theft campaigns, or commit financial fraud. To mitigate risk and regain public trust, the affected operator offered free SIM replacements to over 23 million users.

While the incident took place far from Indian shores, it serves as a stark warning for the telecom industry worldwide—especially for emerging digital powerhouses like India.

Telecom Data: A Goldmine for Cybercriminals

With more than 1.15 billion mobile subscribers and an economy increasingly dependent on digital infrastructure, India is among the largest and most connected telecom markets globally. In fact, the average Indian mobile user now consumes nearly 1 GB of data daily, a figure that has skyrocketed with the proliferation of 4G and rapid rollout of 5G in metro cities.

But with greater connectivity comes greater vulnerability. The attack surface has expanded exponentially, and telecom networks—which carry everything from financial transactions to biometric data—have become prime targets for cybercriminals. Unlike past decades, where telecom was primarily about call connectivity, today's networks are integrated with e-commerce, banking, e-governance, healthcare, utilities, energy, and enterprise IT systems. In such a vast and data-intensive landscape, ensuring the cybersecurity and resilience of telecom networks has become not just a technical imperative but a national priority.

India's Data Surge Demands a Security Surge

Recent global incidents underscore a troubling trend. In the last 18 months alone, high-profile breaches have affected several major telecom players:

- Salt Typhoon breached networks to access user data.
- A cloud workspace vulnerability exposed metadata of millions.
- A ransomware attack by the Trigona group disrupted services and encrypted vast amounts of sensitive
- In one case, unauthorized access led to the potential leakage of critical information belonging to thousands of corporate clients.

These events emphasize that telecom-specific vulnerabilities are not theoretical—they are being actively exploited. As geopolitical dynamics grow more complex, the strategic importance of securing critical digital infrastructure like telecom networks has never been greater. Indian telecom operators must now treat proactive security as a foundational pillar of network resilience.

Beyond Generic Tools: The Case for Telecom-Specific Security

One of the biggest takeaways from the East Asian breach—and echoed by Nokia's security experts—is that general-purpose cybersecurity tools fall short in protecting telecom networks. Telecom core networks are complex, often built on Linux-based systems, and require specialized Endpoint Detection and Response (EDR) tools designed for such environments.

A next-generation telco-specific EDR must include: Agent-based detection powered by network traffic analysis, AI and machine learning for real-time threat lifecycle management of EDR agents to reduce patching delays and ensure EDR agents and sensors that operate without disrupting critical services or draining network resources.

Without these specialized capabilities, telecom operators are left exposed to increasingly sophisticated and targeted attacks.

Learning from the Breach: Critical Priorities

The breach in East Asia offers vital lessons for Indian telecom stakeholders. Here are four key takeaways:

- Enhance 24/7 monitoring with telecom-specific XDR, powered by AI/GenAI: Always-on threat hunting and real-time detection are crucial—especially during weekends, holidays, and peak usage periods when attackers often
- Network Function protection: Advanced EDR should focus on telco vulnerabilities, identify malware behavior patterns, and alert teams to abnormal infrastructure
- Zero Trust architecture and Privileged Access Management (PAM): Operate under the principle of 'assume breach' and verify every user, device, and request. Use digital certificates, implement network segmentation, and strictly control administrative
- Risk Management and Regulatory Compliance: Conduct targeted risk assessments in alignment with global telecom standards and regional frameworks. Mature your Security Operations Center (SOC) and fast-track the security transformation for 4G and 5G networks.

Building the Future: A Proactive Defense Strategy

As cyberattacks become faster and more sophisticated—amplified by Generative AI and automation tools—telecom companies must adopt a more anticipatory and resilient approach to cybersecurity. The Nokia Threat Intelligence Report confirms a steady rise in attacks on telecom infrastructure, demanding innovation in how we protect our networks.

What's needed now is an industry-wide shift to embrace security frameworks designed for telecom, by telecom experts. This includes continuous monitoring, automation, and intelligent threat analytics embedded across the network lifecycle. At Nokia, we are deeply invested in building a leading telco security portfolio that can help operators stay ahead of attackers, comply with regulations, and—most importantly—retain the trust of their users.

A Call to Action for India's Telecom Ecosystem

India is on the brink of a digital revolution, but the promise of connectivity must be matched with the discipline of security. The breach in East Asia wasn't just a local event—it was a global wake-up call. For India, where telecom is the backbone of both digital governance and economic inclusion, the stakes are even higher.

Now is the time for India's telecom ecosystem—government, operators, and solution providers—to join forces and ensure that cybersecurity is not a patchwork afterthought but a core pillar of infrastructure planning. Because in the digital age, resilience is not just about recovery—it's about prevention.

(DISCLAIMER: The article has been published under the ETTelecom Brand Connect Initiative.)


Korea Herald
14-05-2025
SK Telecom completes USIM protection service for all users
SK Telecom said Wednesday that all 25 million of its users have signed up for the company's USIM Protection Service following a major data breach, including those using international roaming.

'Since the USIM protection service for overseas users began on May 12, we have completed the enrollment of all users by this morning. Essentially, all customers have now been covered,' said Ryu Jung-hwan, head of the network infrastructure center at SK Telecom, during a press briefing on Wednesday. The company confirmed that the service has also been applied to all customers currently staying abroad.

Following one of the worst hacking incidents in its history, SK Telecom has scrambled to respond, including enrolling all users in its USIM protection service. The company asserts that the protection service effectively blocks the use of illegally cloned USIM cards on other devices, providing the same level of protection as physically replacing the USIM. Previously, international roaming users were unable to join the protection system, but SK Telecom upgraded it this Monday to include them.

SK Telecom, the country's largest mobile carrier, used by nearly half of Korea's population, disclosed that it had suffered a cyberattack and subsequent data breach of customers' USIM data on April 18. The data breach, caused by a malware attack inside a key internal system called the Home Subscriber Server, resulted in the leak of about 9.7 gigabytes of data. As of now, the exact cause and the identity of the attacker have not been officially confirmed.

The mobile carrier has also offered users the option to switch their USIM cards for free since April 28, but the swap process has been hampered by overwhelming demand and a supply crunch. According to the firm, some 16.9 million users have switched their USIM cards as of Wednesday. SK Telecom said it plans to secure around 5 million additional USIM cards this month and another 5 million in June, vowing to speed up the replacement process.

To ease public concern, the company on Sunday introduced the new USIM reset solution that allows subscribers to update specific user identification from USIM chips without the need to physically replace the chip.

At the briefing, SK Telecom also said the USIM card replacement service at airports will end after Thursday, as not many people are using the service there. 'The staff stationed at the airport will be reassigned to our 2,600 T World Stores nationwide to accelerate USIM replacement services (at the stores),' said Lim Bong-ho, head of mobile network operator business.

From as early as next week, the company will also launch on-site USIM replacement or reset services for customers living in remote or island regions. The service will also be expanded to vulnerable groups, including older adults who have difficulties with technology.


Korea Herald
07-05-2025
- Business
SK chief apologizes over SK Telecom data leak
Chey Tae-won calls hacking incident national security issue, pledges reform

SK Group Chairman Chey Tae-won apologized on Wednesday for a recent hacking incident at SK Telecom that led to a massive data leak, pledging to bolster cybersecurity across the conglomerate's affiliates.

Chey's apology came 19 days after the country's largest mobile carrier with 25 million subscribers -- nearly half of Korea's population -- disclosed that it had suffered a cyberattack and subsequent data breach of customers' USIM data on April 18. The data breach, caused by a malware attack inside a key internal system called the Home Subscriber Server, resulted in the leak of about 9.7 gigabytes of data. As of now, the exact cause and the identity of the attacker have not been officially confirmed.

'I sincerely apologize on behalf of SK Group for causing concern and inconvenience to our users and the public due to a cyberattack at SK Telecom,' Chey said at a press conference held at SK Telecom's headquarters in Seoul. Chey acknowledged the difficulties customers have faced, including long waits at retail stores to receive new USIM cards, and expressed regret at the company's inadequate communication and response following the incident.

'We will fully cooperate with the government investigation to identify the cause of the breach and to prevent further damage to customers,' Chey said. 'Separately, we will inspect the overall cybersecurity system of all SK affiliates and expand investment in security systems.'

He also announced that the company will set up a new information protection innovation committee, comprising outside experts. SK Group plans to set up the new committee under the Supex Council, the conglomerate's top decision-making body. 'It is crucial that we properly establish a security system and address the issue not just as a security issue, but as one that concerns national security and lives,' he said.

At the press conference, Chey revealed that he has not replaced his own USIM card but is subscribed to the company's USIM Protection Service. The company asserts that the USIM Protection Service effectively blocks the use of illegally cloned USIM cards on other devices, providing the same level of protection as physically replacing the USIM.

As of Wednesday, all 24.11 million eligible customers have joined the USIM protection service, according to the company. About 1 million users remain unenrolled, as the service is currently incompatible with international roaming plans. The company said it is upgrading its system to allow users to use both services by May 14.

Meanwhile, some 1.07 million users have switched their USIM cards so far. The company began offering free USIM chip replacements to all users on April 28, but the swap process has been hampered by overwhelming demand and a supply crunch. The company said it plans to secure around 5 million additional USIM cards this month and another 5 million in June, vowing to speed up the replacement process.

Following the hacking incident, SK Telecom has experienced a user exodus to its main rivals, KT and LG Uplus. Amid growing calls to waive early termination fees for users, Chey said the issue is still under review. 'I also hope this issue will be resolved in a way that causes no inconvenience to customers,' said Chey. 'Concerns over user fairness and legal matters must also be reviewed. SK Telecom's board of directors is currently discussing the matter.'


Korea Herald
28-04-2025
SK Telecom stores overwhelmed as customers rush to replace USIM cards over security fears
SK Telecom plans to secure 5m more USIM cards by late May, but that would still fall far short of covering its 25m users

What was meant to reassure customers after a major security scare quickly turned into long lines, delays and frustration, as SK Telecom's free USIM card replacement program struggled to meet overwhelming demand on its first day.

Earlier this month, South Korea's largest mobile carrier disclosed that it had discovered malware inside a key internal system, the Home Subscriber Server — the database that manages mobile user identities and network authentication. The discovery raised concerns that sensitive information stored on customers' physical USIM cards — including identifiers needed to verify a user's phone on the network — may have been exposed.

To address security concerns, the company promised free physical USIM card replacements to all affected customers — over 25 million people in total. It also urged customers to enroll in its "USIM Protection Service," a security feature that blocks network access if a cloned USIM card is inserted into an unauthorized device by verifying the phone's IMEI number — a unique identifier assigned to each mobile device, like a digital fingerprint. SK Telecom emphasized that enrolling in the service offers a level of safety comparable to replacing the card.

Long lines, empty hands

At SK Telecom's store near Sookmyung Women's University station in Yongsan-gu, Seoul, customers lined up early Monday morning, only to find that the stock of USIM cards had already been depleted. The store had posted an online notice days earlier on Naver Map, warning that over 500 reservations had already been made.

Inside, two overwhelmed employees explained that early reservation holders could swap their USIM cards immediately, while walk-ins have to book new appointments — later this week if done in person, or next week if scheduled online through SK Telecom's website. "Even with endless stock, two of us can only replace about 100 cards a day," one staffer said.

For most waiting in line, security fears, not inconvenience, drove the urgency. A woman in her 50s said she had booked her appointment "as soon as news of the breach broke." Nearby, a man in his 60s, who had received SK Telecom's security alert via text, called the breach "very serious" and said he felt far safer physically replacing his USIM card than relying solely on the network-based protection service.

Others shared similar views. A university student in his 20s said he "did not expect immediate financial theft" but felt "uncomfortable leaving compromised data unaddressed." A man in his 30s, who had learned about the breach only through news reports, said he "found the situation unsettling enough to warrant a prompt replacement."

The reservation website struggled under demand as well. By mid-morning, more than 97,000 customers were queued for reservations. At major airports like Incheon, SK Telecom expanded roaming center staffing by 50 percent and pledged that even if customers missed replacement opportunities before departing, the company would be liable for any subsequent overseas fraud involving cloned USIM cards.

Currently, SK Telecom holds around one million USIM cards, with plans to secure five million more by late May. Given the scale, shortages are expected to persist for weeks.

Expert's assurance amid anxiety

Amid these mounting anxieties from customers, cybersecurity professor Kim Seung-joo of Korea University told The Korea Herald that replacing the UICC smart card containing the USIM application resets the crucial IMSI and K values, neutralizing the impact of the leaked data. "When you replace your USIM card, the identifiers are regenerated. You can rest assured after replacement," Kim said.

He confirmed that SK Telecom's USIM Protection Service also provides strong interim protection by blocking cloned cards from accessing the network. "Enroll in the service first if necessary, and replace the USIM card later when the rush subsides," he advised. Kim also confirmed that leaked USIM card data alone cannot directly lead to bank account theft.