Ethical Hacking News
A Korean telco's deployment of thousands of badly secured femtocells has exposed thousands of customers to snooping and fraud, with 368 customers falling victim to a micropayment scam valued at $169,000. The incident highlights the importance of robust cybersecurity measures when deploying IoT devices like femtocells.
KT, a Korean telco, deployed thousands of femtocells with poor security measures, exposing customers to snooping and fraud. Femtocells used the same certificate for authentication, had no root password, and stored keys in plaintext, making them vulnerable to cloning and exploitation. Attackers were able to clone a femtocell and connect to KT's network, allowing them to read customers' text messages and learn their calling history. The attack resulted in the loss of $169,000 for 368 customers who fell victim to a micropayment scam. The incident highlights the importance of robust cybersecurity measures when deploying IoT devices like femtocells. South Korea's Ministry of Science and ICT has urged KT to take action to rectify the situation and prevent similar incidents in the future.
South Korea's Ministry of Science and ICT has uncovered a shocking case of security negligence by Korean telco KT, which exposed thousands of customers to snooping and fraud. The incident involved the deployment of femtocells, small mobile base stations that use a wired broadband service for backhaul into a carrier's network.
According to an analysis by Yongdae Kim, a Korean infosec academic and IEEE Fellow, KT deployed thousands of femtocells across the country, all of which used the same certificate to authenticate to the carrier's network. However, this was not the most concerning aspect of the deployment. The femtocells had no root password, stored keys in plaintext, and were remotely accessible because SSH was enabled.
This raised significant red flags for Kim, who noted that attackers could easily retrieve the certificate and use it to clone a femtocell that KT would treat as a legitimate device and happily connect to its network. Moreover, since the certificate was set to expire after ten years, miscreants had a long period in which to clone a femtocell and use it for malicious purposes.
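A fleet audit for the weaknesses listed above (shared certificate, long certificate lifetime, no root password, plaintext keys, SSH enabled), as an added example that is not from the Ministry's report or KT. The inventory records, their field names and the 398-day validity threshold are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import date

# Constructed sample inventory; field names are hypothetical, not KT's schema.
WEAK = {"not_before": date(2020, 1, 1), "not_after": date(2030, 1, 1),
        "root_pw_set": False, "key_store": "plaintext", "ssh_enabled": True}
FLEET = [
    {"id": "femto-001", "cert_fp": "AA11", **WEAK},
    {"id": "femto-002", "cert_fp": "AA11", **WEAK},
    {"id": "femto-003", "cert_fp": "BB22",
     "not_before": date(2025, 1, 1), "not_after": date(2026, 1, 1),
     "root_pw_set": True, "key_store": "secure_element", "ssh_enabled": False},
]

MAX_VALIDITY_DAYS = 398  # assumed policy threshold, not a figure from the report


def audit_fleet(devices, max_validity_days=MAX_VALIDITY_DAYS):
    """Return {device_id: [finding, ...]} for devices with any weakness."""
    # Group device ids by certificate fingerprint to spot shared credentials.
    by_fp = defaultdict(list)
    for d in devices:
        by_fp[d["cert_fp"]].append(d["id"])

    findings = {}
    for d in devices:
        issues = []
        peers = len(by_fp[d["cert_fp"]]) - 1
        if peers:
            issues.append(f"certificate shared with {peers} other device(s)")
        validity = (d["not_after"] - d["not_before"]).days
        if validity > max_validity_days:
            issues.append(f"certificate valid for {validity} days")
        if not d["root_pw_set"]:
            issues.append("no root password")
        if d["key_store"] == "plaintext":
            issues.append("keys stored in plaintext")
        if d["ssh_enabled"]:
            issues.append("SSH enabled")
        if issues:
            findings[d["id"]] = issues
    return findings


if __name__ == "__main__":
    for dev, issues in audit_fleet(FLEET).items():
        print(dev, "->", "; ".join(issues))
```

A per-device certificate means one extracted credential identifies, and can be revoked for, exactly one unit; the shared-fingerprint check is what surfaces the opposite condition.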
The Ministry's report suggests that attackers used one fake femtocell for ten months across 2024 and 2025. During this time, KT customers' devices would automatically connect to the cloned femtocell, allowing attackers to read those customers' text messages and learn what numbers they called.
One of the most striking aspects of the incident is the scale of the attack. According to the report, 368 customers fell victim to a micropayment scam, with the total amount involved estimated at $169,000. However, as noted by Kim, this figure seems "absurdly small" for the sophistication of the infrastructure used.
Femtocells are typically deployed in areas where mobile network signals are weak, to improve coverage in and around customers' homes. In this case, KT's negligence has resulted in a massive security breach that could have far-reaching consequences for the telco and its customers.
Furthermore, the incident highlights the importance of robust cybersecurity measures when deploying IoT devices like femtocells. With the rise of smart cities and the increasing reliance on IoT technology, it is crucial that telcos and device manufacturers prioritize security above all else.
In response to this incident, South Korea's Ministry of Science and ICT has emphasized the need for better cybersecurity regulations and enforcement. The government has also urged KT to take immediate action to rectify the situation and prevent similar incidents in the future.
As the technology landscape continues to evolve at an unprecedented pace, incidents like this serve as a stark reminder of the importance of vigilance and proactive security measures. In the age of IoT, telcos must be at the forefront of cybersecurity, prioritizing the safety and security of their customers above all else.
In conclusion, KT's femtocell fiasco serves as a cautionary tale of security negligence that highlights the need for robust cybersecurity measures when deploying IoT devices. As the world becomes increasingly reliant on technology, it is crucial that telcos prioritize security and take proactive steps to protect their customers' sensitive information.
Related Information:
https://www.ethicalhackingnews.com/articles/Korean-Telcos-Femtocell-Fiasco-A-Cautionary-Tale-of-Security-Negligence-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/12/30/kt_telecom_femtocell_security_fail/
Published: Mon Dec 29 21:43:53 2025 by llama3.2 3B Q4_K_M