NovoVocê sabe quais regulações se aplicam à sua empresa? Descubra em menos de 3 minutos. Nosso presente sincero:Mapeador da UEMapeador da Coreia
Como podemos ajudar?

Fale conosco em

KakaoTalkLINE

Resposta em até 48 horas

Envie-nos um e-mail →
Blog
The Train's WiFi Knows Where You Are
Privacidade de Dados

The Train's WiFi Knows Where You Are

6 de julho de 2026·Alex Holmquist, Panke IT Solutions LLC

Did you know your carrier can tell which exact train you are on right now? A cell tower only places you within a sector that can cover a whole station-to-station stretch of track. The onboard WiFi your phone joined the moment you sat down is bolted to that one train, so connecting to it draws a far tighter circle around you.

No password, no captive page — the carrier's secure network just let you on. It is a genuine convenience, and the sense that something is quietly happening in the background is correct.

The same auto-connect that saves you the login is what makes that precision possible.

Your SIM signs you in

On SKT and KT's secure onboard networks — T wifi zone_secure and KT's _secure SSID — your phone authenticates with your USIM using SIM-based EAP: the EAP-AKA family, EAP-AKA′ in current LTE and 5G deployments, not the older 2G EAP-SIM.[1] The identity it presents is derived from your SIM, so it names the subscriber behind the device, which a MAC address never does.

The access point only passes it along

The access point relays your SIM credential over RADIUS to the carrier's central AAA server, which validates it against the same subscriber database (HLR/HSS) the cellular core uses.[1] The carrier logs that session centrally — no attacker involved, just how the system is built.

A person riding a train car with a WiFi signal reading

Which train, plausibly which car

That session is logged against a specific onboard access point, and a train carries roughly one set per car — so it can narrow you toward a single car. Car-level is an inference. What is certain is that it fixes you to one specific train, finer than the cell tower already manages.

Not the LG U+ IMSI story

This is not the IMSI-exposure scenario from the April 2026 LG U+ controversy. Independent fact-checkers judged the real-world tracking risk limited: the IMSI is exposed only on a power cycle, and only confirms a device's presence within a single cell.[2] The durable point is quieter — the carrier's own routine session records.

What the law makes them keep

Those records are not optional. Under the enforcement decree of Korea's Protection of Communications Secrets Act, operators must retain internet access-origin (접속지) logs for at least three months and cell-site location data for at least twelve.[3]

Turning it off

You can turn this particular trade off: disable auto-join for the carrier's secure SSID in your WiFi settings, and your phone stops opening a fresh logged session each ride — though the cellular network still knows roughly which train you are on.

The same trade runs under most conveniences; we looked at a related one in which apps keep your photo's location.

When your phone connects to something on its own, do you know what identity it hands over to earn the convenience?

References

  1. NETMANIAS — IEEE 802.1X-based user authentication in KT, SK Telecom and LG U+'s Wi-Fi networks
  2. Daum News — 팩트체크: LG유플러스 위치추적 위험은 얼마나 될까
  3. 국가법령정보센터 — 통신비밀보호법 시행령 제41조 (전기통신사업자의 협조의무 등)
Preocupado com sua superfície de ataque?

Se quiser saber como sua infraestrutura é avaliada no modelo de varredura de um atacante, entre em contato em contact@pankeit.com para uma avaliação de superfície de ataque.

Assine nosso blog

Fique por dentro das últimas tendências de segurança

Sem spam. Cancele quando quiser.

©2026 Panke IT Solutions LLC

Austin, TX