It is not surprising for online banking service users in South Korea to encounter a website pop-up announcing the need to install all mandatory security applications if users want to get access to their banking account. This pop-up window redirects users to a download page with at least one or more security applications that are waiting to be installed. This is not an easy task for users who have already struggled while rummaging around inside their brains, trying to remember a long-forgotten password, and particularly for those who are not familiar with online banking services. Although it is as troublesome as it sounds, most users follow the request for one simple reason. Safety.
However, not long after the new year began, this entire basis was brought into question within the country. Wladimir Palant, a German based cybersecurity researcher, publicly expressed his concerns about South Korea’s online security applications in his blog. He stated that based on his findings, there are applications that could cause “severe security and privacy issues.” The Readable reached out to him and conducted written interviews twice to understand his discoveries in detail. The information that he shared was as startling as those he had disclosed to his readers. He explained that he had investigated three applications so far and found security flaws in not one but all of them. Moreover, there are several security flaws which when combined could lead to “disastrous results.”
Should South Korean’s be deeply worried about these vulnerabilities? Although the cybersecurity expert firmly disagrees, the South Korean cybersecurity agency’s answer seems to tilt to “no.” In their internal investigation, the Korea Internet & Security Agency has concluded that the security flaws are not high-risk vulnerabilities that could cause severe damage. However, there is a crucial fact that must be taken into account. These are none other than compulsory security applications whose utmost duty is to protect users online. “The foreign cybersecurity researcher has analyzed South Korea’s internet environment well,” said an official who is familiar with the matter and wishes to remain anonymous. “Users are installing security applications to enhance their online security. If the application itself has vulnerabilities, there is the possibility for the attackers to target them.”
There is another question raised by the German based cybersecurity researcher that we must answer. Is installing requisite security applications the best and only practice to protect South Koreans online? The answer may differ among the companies who develop these security applications, the financial institutions who work to protect their clients, the South Korean authorities who implement online security measures and secure users from unforeseen harm, those who have expertise in cybersecurity, and those who actually use online banking services. This is a matter that should be discussed in detail, not just by external experts but by all parties.
Even though progress is slow, changes are being made. The company which is responsible for the first security application that Palant had discussed in his blog said that they have fixed the issues and will distribute the updated version by the end of January. In total, the cybersecurity researcher released three posts on South Korea’s online security applications. It is expected that there is more to come. Will South Korea use this as an opportunity to discuss some of the most essential security questions? Or will this come to an end where the fundamental questions are left behind and the companies merely patch their security flaws? One thing’s for sure, this is a wake-up call that we should not ignore.
