Seoul, Sep 24 (IANS) KT Corp’s chief acknowledged on Wednesday that the company had poorly managed micro base stations linked to recent unauthorised mobile payment breaches.

“After the incident, we reviewed the management of femtocells and found numerous vulnerabilities and poor management,” Kim Young-shub, chief executive officer (CEO) of KT, said during a parliamentary hearing. “We have since taken measures to prevent illegal femtocells from connecting to the network.”

A femtocell is a small, low-power cellular base station, typically designed for use in homes or small businesses. Kim said KT outsources their installation and management, reports Yonhap news agency.

According to the company, unregistered femtocells were connected to its network around late August and gained access to private data of 362 users, with damages estimated at 240 million won (US$173,000).

Kim also said KT is expanding its analysis to all authentication data, after lawmakers pointed out that the company’s probe had focused only on breaches involving the automated response system (ARS).

“Analysis takes time, so we initially reviewed ARS data. We are now analyzing all authentication methods, including short message service,” Kim said, adding the company is assessing the full scale of the damage.

KT earlier explained that hackers had intercepted ARS calls meant to authorize mobile payments in some of the reported cases.

Kim said the company is considering waiving subscription cancellation fees for about 20,300 users whose private data was allegedly leaked after their mobile phones connected to the illegal base stations.

The compromised data may include international mobile subscriber identity (IMSI) and international mobile equipment identity (IMEI) numbers, as well as phone numbers.

“We are considering exempting cancellation fees for 20,300 affected users,” he said.

In response, Second Vice Science Minister Ryu Je-myung said KT should lift subscription cancellation penalties if the company is found to have violated its obligation to provide a safe telecommunications environment to users.

“Investigators will determine (whether KT violated the obligation) and take necessary measures,” Ryu added.

–IANS

na/