Are there any security issues with Chinese SIM cards?

What is a USIM chip?

 The USIM (Universal Subscriber Identification Module) chip is a smart card that stores mobile phone users’ subscriber information (telephone number, authentication key, identification number, etc.) and plays a key role in connecting terminals and communication networks. The USIM chip stores the following information: IMSI (mobile subscriber identification number), authentication key (Ki), phone number and device unique identification number (IMEI), and use of telecommunications services. If a USIM chip is hacked or duplicated, it can lead to secondary and tertiary damage such as text identity authentication, financial damage, identity theft, and financial fraud beyond simple personal information leakage.

Summary of recent Korea SK Telecom USIM hacking incidents

 In April 2025, SK Telecom’s internal server was infected with malicious code, resulting in the leakage of some of the USIM-related information of approximately 23 million customers. The leaked information contained key data needed for USIM replication, such as IMSI, IMEI, and USIM authentication keys. This led to a surge in secondary damage concerns, including the opening of cannon phones and SIM swapping (theft of financial and SNS accounts after USIM replication).

USIM Chip Origin ‘Made in China’ and Risk of Security Personal Information Leakage

1. Chinese Usim Chip, Why Controversy?

 Many of the USIM chips of the three domestic telecommunications companies are manufactured in China. China is considered to have low global reliability due to cyber security issues such as inserting a “backdoor” (hidden access path) into information and communication equipment at the national level. If a security vulnerability is embedded in the hardware stage, there is a limit to software response alone.

2. Did the origin of the USIM chip actually affect the hack?

 This Korea SK Telecom hack is a case in which the ‘internal server’ was infected with malicious code and USIM chip’s data was leaked, not a case in which the hardware vulnerability of the USIM chip itself was directly exploited. However, if a backdoor or vulnerability is planted in the USIM chip manufacturing stage, no matter how secure the carrier server is, there is a risk of information leakage through the chip itself. USIM chip is the core of ‘digital identity’ such as subscriber authentication and financial transaction authentication, so a reliable manufacturing environment is essential.