This is trending because a major study from a prestigious university (KAIST) has officially confirmed long-held suspicions about the insecurity of mandatory Korean online security software, directly impacting millions of users' daily lives and data safety. The findings validate widespread frustration and raise serious concerns about national cybersecurity.
In South Korea, it's common for users to be forced to install various proprietary 'security' programs to access online banking, government services, or even some shopping sites, a practice that has long been criticized for its clunkiness and security flaws.
A bombshell study from South Korea's top universities, including KAIST, has just confirmed what many Koreans have long suspected: the mandatory 'security' programs we're forced to install for online banking and government services are actually massive cybersecurity risks. Published at the prestigious USENIX Security 2025 conference, the research dives deep into the flaws of what the authors call 'Korean-style Security Applications' (KSAs), revealing how these programs, ironically meant to protect users, instead create gaping holes in modern web security.
The study outlines five critical ways KSAs compromise user safety:
1. **Browser Sandbox Bypass:** Modern browsers like Chrome and Safari use a 'sandbox' to isolate malicious websites from your PC. KSAs, however, often run outside this sandbox, claiming to offer 'special functions' for banking. This bypass means that even if your browser is secure, a hacker can exploit a KSA vulnerability to achieve remote code execution (RCE), installing and running malware on your computer, no browser hacking required.
2. **Keyboard Security as a Keylogger:** This one's truly wild. So-called 'keyboard security programs' are supposed to protect your input. But the study found that many KSAs encrypt your keystrokes and then send them to the webpage along with a symmetric key for decryption. If a hacker tampers with the KSA's functions, they can easily disable the encryption or extract the key, turning the 'security' program into a perfect keylogger that steals all your input.
3. **Rampant Private Certificate Abuse:** To communicate securely (HTTPS), KSAs often force the installation of a powerful 'Root Certificate Authority' (Root CA) on your PC. If the private key for this certificate is ever leaked, attackers can forge legitimate sites like Google or your bank, enabling 'man-in-the-middle' attacks to intercept your sensitive information. Researchers actually proved this by extracting a private key from a KSA and successfully forging Google's website. Even worse, these dangerous Root CAs often remain on your PC long after you uninstall the KSA.
4. **Excessive Data Collection (Basically Spyware):** Some KSAs, supposedly for 'abnormal transaction detection,' collect an alarming amount of personal data, including your MAC address, VPN IP, firewall settings, and hardware serial numbers. One international researcher even dubbed them 'state-sponsored spyware.' While this data is sent encrypted, the study found that publicly accessible KSA developer test pages allow anyone to decrypt and access this sensitive information. Furthermore, programs managing **Joint Certificates** (공동인증서), a common digital ID in Korea, often expose users' real names and serial numbers in plain text online.
5. **Structural Neglect and Unpatchable Flaws:** Even when critical vulnerabilities are discovered, fixing them is incredibly difficult. It's not enough for the KSA developer to update their software; the banks' associated website code (JavaScript) also needs modification. Banks, however, are often reluctant to change existing services, fearing new issues. This means critical vulnerabilities are frequently left unpatched, leaving millions of users exposed.
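The design flaw in item 2, sketched as an added example (not code from the study or from any KSA): when the symmetric key travels in the same message as the ciphertext, anything holding that message can read the input. The message layout, function names and the RSA-wrapped contrast are assumptions made for illustration.

```javascript
const nodeCrypto = require('node:crypto');
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Constructed stand-in for a keyboard-protection agent: AES-256-GCM under a fresh key.
function sealKeystrokes(text) {
  const key = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(text, 'utf8'), cipher.final()]);
  return { key, msg: { iv, ct, tag: cipher.getAuthTag() } };
}

function openKeystrokes(key, { iv, ct, tag }) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Design described in item 2: the decryption key rides in the same message.
function messageWithKey(text) {
  const { key, msg } = sealKeystrokes(text);
  return { ...msg, key };
}

// Contrast (assumption, not the study's proposal): key wrapped to a server-held RSA key.
function messageWithWrappedKey(text, serverPublicKey) {
  const { key, msg } = sealKeystrokes(text);
  const wrappedKey = nodeCrypto.publicEncrypt({ key: serverPublicKey, ...OAEP }, key);
  return { ...msg, wrappedKey };
}

// What a holder of the message alone can read; null means nothing.
function readableFromMessageAlone(message) {
  return Buffer.isBuffer(message.key) ? openKeystrokes(message.key, message) : null;
}

// Only the holder of the server's private key can unwrap the AES key.
function readableOnServer(message, serverPrivateKey) {
  const key = nodeCrypto.privateDecrypt({ key: serverPrivateKey, ...OAEP }, message.wrappedKey);
  return openKeystrokes(key, message);
}

// Constructed sample input and a throwaway server key pair.
const SAMPLE = 'constructed-sample-input';
const server = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const wrappedMsg = messageWithWrappedKey(SAMPLE, server.publicKey);
console.log('key in message :', readableFromMessageAlone(messageWithKey(SAMPLE)));
console.log('key wrapped    :', readableFromMessageAlone(wrappedMsg));
console.log('server unwraps :', readableOnServer(wrappedMsg, server.privateKey));
```

Wrapping the key only keeps it out of the page; it does not address the other case in item 2, where the KSA's own functions are tampered with before encryption happens.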
Despite global tech giants like Google investing trillions of won annually into maintaining and updating cutting-edge browser security standards like WebAuthn, Korean banks and security firms continue to rely on these outdated, locally run server solutions. This negligence has transformed Korean computers, which have an average of nine such programs installed and often unmanaged, into a 'hacker's paradise,' as the original post puts it. The recent LG Uplus incident, where a KAIST professor directly warned of the dangers, further underscores the urgency of these findings.

