Why Multi-Factor Authentication Matters explained by ARGOS, the Global Identity Verification Expert

ARGOS Identity
Apr 30, 2025

A massive SIM (USIM) data leak recently occurred at SK Telecom (SKT) in Korea, drawing widespread attention.

Approximately 23 million subscriber records were compromised, highlighting the limitations of mobile-phone-based identity verification and reigniting the need for Multi-Factor Authentication (MFA).
Let’s take a closer look at proactive security measures we can adopt to prevent personal data breaches like this in advance.

When personal information is leaked, one of the most concerning crimes is "SIM swapping."
SIM swapping is a type of hacking that involves stealing or cloning SIM information to intercept mobile verification codes, which are then used to access financial accounts or steal digital assets.

Past telecom data breach cases!

In 2021, more than 100 million subscriber records were leaked from T-Mobile, the second-largest telecom company in the U.S.
Hackers stole nearly all the information required for telecom registration, including subscribers' Social Security Numbers (SSNs), phone numbers, names, residential addresses, driver's license information, and smartphone identifiers.
The fact that smartphone identifiers and names were leaked means that hackers could even identify the exact smartphone model each user was using.
In fact, sample data provided by hackers for sale accurately listed T-Mobile customers' personal information.

Let’s take a quick look at the sequence of the SIM data leak incident.

The HSS (Home Subscriber Server) is the core infrastructure of telecom providers and is responsible for storing and managing subscribers' USIM information (IMSI, Ki).

  • IMSI: International Mobile Subscriber Identity

  • Ki: A 128-bit secret cryptographic key unique to each subscriber

If a hacker breaches the HSS and steals this data, they can operate on the telecom network as if they were the actual user.

Process of USIM cloning and SIM swapping

When IMSI and Ki are stolen, the attacker has obtained the core credentials necessary for cloning.
They can then physically copy the information onto another SIM card or logically manipulate the telecom provider’s system to assign IMSI and Ki to a new SIM.
The cloned SIM can bypass network authentication and be recognized as legitimate by the telecom provider’s base stations and authentication protocols.
As a result, SMS-based two-factor authentication codes can be hijacked, allowing attackers to access financial apps and crypto wallets or transfer assets.

Additionally, attackers may register a burner phone under the victim’s name, which can lead to further crimes such as voice phishing.
Since telecom systems authenticate users based on IMSI and Ki, cloned SIMs are recognized as legitimate subscribers, making detection difficult.

The Ki cryptographic key plays a critical role in the mutual authentication process between the telecom provider and the USIM.
Both the telecom provider and the USIM use the same key to compute the same response value (SRES) to verify each other.
Moreover, Ki is also used to generate session keys (Kc) for voice and data transmission, playing an essential role in data encryption.
If Ki is leaked, there is no way to recover it.
The only way to resolve the issue is to replace the entire SIM card, as the leaked Ki cannot be restored or reset.

What can we do to prevent personal data breaches?

To prevent damage from SIM cloning, users can take several proactive measures:

  • Subscribe to SIM Protection Services: This blocks SIM use on unregistered devices (based on IMEI).
    For SK Telecom users, this service is available for free under the "SIM Protection Service" in the T World app under value-added services.

  • Use identity theft prevention services: Services like M-Safer allow users to block others from registering mobile devices under their name.

  • Set up email notifications: Enable email alerts to be notified immediately when SIM reissuance or device changes occur, allowing for quick response.
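The Ki-based check described earlier and the IMEI-based SIM protection listed above can be modelled together. This is an added example, not code from ARGOS or any telecom provider: HMAC-SHA256 stands in for the operator's real SRES/Kc algorithms, the `Sim` and `Hss` classes are hypothetical, and every IMSI, IMEI and key is a constructed sample value.

```python
import hashlib
import hmac
import secrets

def derive(ki, rand):
    # Stand-in (assumption) for the operator's real algorithms: HMAC-SHA256
    # keyed with Ki over the challenge, split into a 32-bit SRES and 64-bit Kc.
    d = hmac.new(ki, rand, hashlib.sha256).digest()
    return d[:4], d[4:12]

class Sim:
    def __init__(self, imsi, ki):
        self.imsi, self._ki = imsi, ki

    def respond(self, rand):
        return derive(self._ki, rand)

class Hss:
    def __init__(self):
        self.ki_by_imsi = {}    # subscriber records: IMSI -> Ki
        self.imei_by_imsi = {}  # SIM protection: IMSI -> registered IMEI

    def attach(self, sim, imei, rand=None):
        ki = self.ki_by_imsi.get(sim.imsi)
        if ki is None:
            return "reject: unknown IMSI"
        rand = rand or secrets.token_bytes(16)  # fresh challenge per attempt
        expected_sres, _ = derive(ki, rand)
        sres, _ = sim.respond(rand)
        if not hmac.compare_digest(sres, expected_sres):
            return "reject: SRES mismatch"
        bound = self.imei_by_imsi.get(sim.imsi)
        if bound is not None and bound != imei:
            return "reject: IMEI not registered"  # valid Ki, wrong device
        return "accept"

def demo():
    # All identifiers and keys below are constructed sample values.
    imsi, ki = "001010000000001", bytes(range(16))
    phone_a, phone_b = "350000000000001", "350000000000002"
    hss = Hss()
    hss.ki_by_imsi[imsi] = ki
    issued, second_card = Sim(imsi, ki), Sim(imsi, ki)  # same IMSI and Ki
    out = {"issued": hss.attach(issued, phone_a),
           "same_ki_unbound": hss.attach(second_card, phone_b),
           "wrong_ki": hss.attach(Sim(imsi, bytes(16)), phone_a)}
    hss.imei_by_imsi[imsi] = phone_a  # subscriber enables SIM protection
    out["same_ki_bound"] = hss.attach(second_card, phone_b)
    out["issued_bound"] = hss.attach(issued, phone_a)
    return out
```

The SRES check only proves possession of Ki, so two cards holding the same Ki are indistinguishable to it; in this model the device binding is the only check that tells them apart.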

However, technical limitations on the part of telecom companies still exist.
First, since Ki cannot be regenerated, any leak requires a full SIM replacement.
In addition, delays in synchronization between the original and cloned SIMs limit the ability to block attacks in real time, leaving a window of vulnerability during which attacks can occur.

In conclusion, an HSS breach is more than just a personal data leak: it represents a full replication of digital identity.

At this point, we must proactively adopt MFA, enhance SIM protection, and gradually phase out SMS-based authentication methods.

How can ARGOS be a viable solution?

ARGOS’s ID check system provides an end-to-end authentication framework that independently verifies users’ real identities (ID cards, facial recognition, etc.) without relying on telecom networks or mobile devices.
By using multiple factors (ID OCR, facial recognition, and liveness detection), it authenticates the person, not just the device, meaning that cloned SIMs alone cannot pass ID check.

ID check allows for flexible adjustment of authentication strength and process based on context.
This enables enhanced security for high-risk use cases such as financial transactions or the transfer of large assets.
Whereas telecom-based authentication is vulnerable to SIM cloning attacks, ID check directly verifies the individual’s identity, fundamentally preventing replication or hijacking attempts.

Other reasons why ARGOS ID check is an effective countermeasure:

Robust security and accuracy

  • AI-based identity verification: ARGOS uses artificial intelligence to effectively detect and prevent forgery and fraud attempts.

  • High accuracy: Identity verification is performed with 99.996% accuracy, ensuring a high level of trust.

Global compatibility and flexibility

  • Wide document recognition: Automatically recognizes over 4,000 types of identity documents from 195 countries, making it suitable for global services.

  • Adaptable to various environments: Offers additional options to verify users even when wearing masks or helmets, ensuring usability in various scenarios.

Easy deployment and operation

  • Fast implementation: Can be implemented in just 5 minutes without developers, saving company resources.

  • Automated services: Streamlines authentication processes to improve operational speed and accuracy and to reduce costs.

This recent USIM data breach serves as a powerful reminder of the importance of personal data protection.
As the need for stronger security in various authentication methods continues to grow, it’s a great time to consider adopting a reliable end-to-end identity solution like ARGOS ID check.
