South Korean tech giant Samsung confirmed that it was hacked and the Galaxy source code was stolen. However it did not mention the name of the company responsible.
News of the breach filtered out earlier this month, with a hacking outfit named Lapsus$ claiming responsibility. The group claims to have obtained source code for trusted applets installed in Samsung’s TrustZone environment, which Samsung phones use for performing sensitive operations, algorithms for all biometric unlock operations and bootloader source code for all recent Samsung Galaxy devices.
The hacking group shared screenshots purportedly showing roughly 200GB of stolen data, including source code used by Samsung for encryption and biometric unlocking functions on Galaxy hardware. The stolen data also allegedly includes confidential data from U.S. chipmaker Qualcomm, which supplies chipsets for Samsung smartphones sold in the United States.
Lapsus$ is the same hacking group that stole proprietary information from Nvidia Corp.’s networks. Lapsus$ attempted to blackmail Nvidia, threatening to leak data online unless the company removed cryptocurrency mining limiters from certain GPUs and made the drivers for these video cards open source.
Samsung confirmed, via a statement, that it suffered a cybersecurity breach that exposed internal company data, including source code for the operation of its Galaxy smartphones.
“According to our initial analysis, the breach involves some source codes relating to the operation of Galaxy devices but does not include the personal information of our consumers or employees. Currently, we do not anticipate any impact to our business or customers. We have implemented measures to prevent further such incidents and will continue to serve our customers without disruption.”
Samsung
Though Samsung says that personal information was not compromised, we at InnovationVillage do recommend that you change the passwords for your Samsung services and enable 2FA (two-factor authentication) for good measure
According to Sammobile, Even though the hacker group only released 190 GB of data publicly, there’s no telling how much more it has stashed away behind the curtains. Additionally, the breach contained a treasure trove of information about how Samsung secures its devices, meaning that it will be easier for malicious elements to undermine on-device security on Samsung phones.
The leaked source code could certainly give competitors a peek into Samsung’s secret information.
2 Comments
Pingback: Microsoft confirms it was hacked by DEV-0537, also known as Lapsus$ - Innovation Village | Technology, Product Reviews, Business
Pingback: Teenager in UK suspected of being the mastermind behind the Lapsus$ hacking group - Innovation Village | Technology, Product Reviews, Business