Mandatory security software leaves Korean finance vulnerable

Mandatory installation of financial security programs in South Korea may actually increase vulnerability to cyberattacks, according to a new study.

A joint research team led by Professors Kim Yongdae and Yoon Insu of the Korea Advanced Institute of Science and Technology (KAIST), along with Professor Kim Seungjoo of Korea University, Professor Kim Hyungsik of Sungkyunkwan University, and security firm Theori, announced on June 2 that they had discovered structural flaws and critical vulnerabilities in South Korean financial security software.

The team analyzed seven major security applications (collectively referred to as KSA) currently used by domestic financial institutions and public agencies, uncovering 19 serious vulnerabilities. These included keylogging, man-in-the-middle (MITM) attacks, leakage of digital certificates, remote code execution (RCE), and user identification and tracking.

These vulnerabilities stem from structural limitations of Korean financial security software. Typically, web browsers are designed to prevent external websites from accessing sensitive internal system files. However, the South Korean security programs circumvent these browser protections to access and operate sensitive system functions.

The researchers noted that the mandatory installation of such software for financial and public services is unprecedented worldwide. In an online survey of 400 people conducted nationwide, 97.4 percent of respondents said they had installed KSA to access financial services.

“Security software should serve as a tool to protect users, not as a pathway for attacks,” said Professor Kim Yongdae. “We need to shift away from forcing the installation of non-standard security software and move toward models that comply with web standards and browser-based security frameworks.”


장은지 기자 jej@donga.com