
Samsung allegedly suffers a hack exposing 190GB of confidential data

As reported in South Korean media, Samsung is now dealing with a breach of 190 GB of data, and the hacker is a familiar name.

The South Korean conglomerate Samsung has been hacked, according to Bleeping Computer, and the hacker is allegedly Lapsus$. The hacking group is the same one allegedly behind the Nvidia email breach.

The group has been teasing a data leak, even sharing a snapshot of C/C++ directives in the company’s code. Lapsus$ also published a description of the code it plans to leak, claiming it involves confidential Samsung code. The description includes source code for every Trusted Applet (TA) installed in Samsung’s TrustZone environment used for sensitive operations (e.g., hardware cryptography, binary encryption, access control), algorithms for all biometric unlock operations, bootloader source code for all recent Samsung devices, confidential source code from Qualcomm, source code for Samsung’s activation servers, full source code for technology used for authorizing and authenticating Samsung accounts, including APIs and services, etc.

In less technical terms, Lapsus$ has gotten its hands on code that controls highly sensitive parts of Samsung’s devices. That includes biometric authentication and on-device encryption. Qualcomm is also a victim, as some of its confidential source code is allegedly involved.

If Lapsus$’s claims are valid, Samsung has been the victim of a serious breach. The hackers have split the data stash into three parts, making them available on a popular torrent site. Lapsus$ is even promising to deploy more servers to enhance the download speed.

Part 1 of the loot includes a dump of source code and related data about Security/Defense/Knox/Bootloader/TrustedApps and various other items. Part 2 contains a dump of source code and associated device security and encryption data. The last part contains different repositories from Samsung’s GitHub: mobile defense engineering, Samsung account backend, Samsung Pass backend/frontend, and SES (Bixby, SmartThings, store).

There is no indication yet that Lapsus$ contacted Samsung for a ransom or other demands, as it did in the case of Nvidia. In that incident, the group obtained about 1TB of confidential information from the American company, including schematics, driver source code, and staff email passwords (about 71,000). Lapsus$ demanded that Nvidia make its drivers open-source and remove limits on cryptocurrency mining on its RTX 30-series GPUs. The hacking group also claims to be in negotiation with a potential buyer for Nvidia’s stolen data.

Nvidia said the breach had not affected its day-to-day operation and that it continues to work with cybersecurity auditors and law enforcement officers.

Samsung, for its part, has said it is assessing the situation. Lapsus$ said its attacks are not politically motivated.

Written by HackerVibes
