This paper analyzes security of Korean USIM-based PKI certificate service. Korean PKI certificate consists of public key and password encrypted private key on disk. Due to insufficient security provided by single password, Korean mobile operators introduced USIM-based PKI system.We found several vulnerabilities inside the system, including private key’s RSA prime number leakage during certificate installation. We also suggest possible improvments on designing secure authentication system (Preliminary work of this paper was published previously [1]. This work was responsibly disclosed to the vendor and associated government organizations.).