Kyle Chua
Mar 10, 20222 min
The South Korean electronics company released a statement regarding the incident after the hacking group Lapsus$ claimed responsibility for the attack and leaked the stolen data online via a Telegram chat. The group said it obtained the source code for trusted applets installed in Samsung’s TrustZone environment that are used for sensitive operations like encryption and access control.
They have also allegedly stolen bootloader source code for recent Samsung devices, algorithms for all biometric unlock operations, the full source code used to authenticate Samsung accounts, among other data.
Lapsu$ additionally obtained secret source code from chipmaker Qualcomm, the company that supplies Samsung with chipsets for its devices.
"According to our initial analysis, the breach involves some source code relating to the operation of Galaxy devices, but does not include the personal information of our consumers or employees," said Samsung. "Currently, we do not anticipate any impact to our business or customers."
While Samsung believes the attack does not pose any immediate danger to them or their customers, it should be noted that, by having possession over the source codes, the hackers can easily find security vulnerabilities in the company's software and potentially exploit them in the future. They also have the ability to disrupt supply chains, given how Samsung's software and hardware, which are widely distributed globally, are now likely vulnerable to infection, as cyber security specialist Check Point Research notes.
Lapsu$ was also behind the recent Nvidia breach, similarly stealing proprietary source code and other highly confidential information. Holding the stolen data for ransom, the group demanded the company remove the lite hash rate (LHR) in its RTX 30 series graphics cards. The feature was implemented to limit the Ethereum mining capabilities of Nvidia's graphics cards. The hackers also wanted the company to open-source its graphics drivers for macOS, Windows and Linux devices. It's yet unclear if the hackers made similar demands in Samsung's case.
Samsung confirmed that it suffered from a security breach, exposing over 190 gigabytes of confidential data, including source codes for the operation of Galaxy devices.
Lapsu$, the same group behind the recent Nvidia breach, claimed responsibility for the attack and leaked the stolen data online via their Telegram channel.
The South Korean company, however, said that the personal information of its customers and employees remain secure.