Lapsus$ hackers leak Samsung source code and massive data dump from security breach
Samsung appears to have fallen victim to a serious security breach if the leaks from data extortion group Lapsus$ are anything to go by.
Amounting to a colossal 190GB of data, the group says it has in its possession Samsung source code and other confidential company data. It is just days since the Lapsus$ claimed responsibility for a hack that resulted in data being stolen and leaked from data stolen from GPU chipmaker NVIDIA.
- Microsoft is using the KB5012427 update to test the servicing pipeline for Windows 11
- HP Hotkey UWP Service is eating up memory on some Windows 11 laptops
- Microsoft teams up with Apple, Google and Mozilla to improve the web with Interop 2022
The attack on NVIDIA was said to be a reaction to the company limiting the crypto-mining capabilities of its chips, but details surrounding the Samsung leak are less clear. In fact, it is not even apparent whether Lapsus$ is responsible for the security breach that resulted in data being stolen from Samsung, or whether the group simply managed to acquire it.
So far, Lapsus$ has only -- as Bleeping Computer shares -- teased the data it claims to have obtained. But if the group's assertions are true, it has three archives of Samsung data including source code for security products, encryption data, and backend data. Among the data teased are:
- source code for every Trusted Applet (TA) installed in Samsung’s TrustZone environment used for sensitive operations (e.g. hardware cryptography, binary encryption, access control)
- algorithms for all biometric unlock operations
- bootloader source code for all recent Samsung devices
- confidential source code from Qualcomm
- source code for Samsung’s activation servers
- full source code for technology used for authorizing and authenticating Samsung accounts, including APIs and services
While Lapsus$ used the data obtained from NVIDIA to demand a ransom, it is not known whether this has also happened with Samsung. Samsung has not commented on the matter so far, so we only have the word of Lapsus$ to go on for now.