Samsung data breach: Lapsus$ gang stole Galaxy devices’ source code

Samsung confirmed that threat actors had access to the source code of its Galaxy smartphones in recent security breach.

Samsung this week disclosed a data breach, threat actors had access to internal company data, including the source code of Galaxy models.

Last week the Lapsus$ ransomware gang claimed to have stolen a huge trove of sensitive data from Samsung Electronics and leaked 190GB of alleged Samsung data as proof of the hack.

The gang announced the availability of the sample data on its Telegram channel and shared a Torrent file to download it. They also shared an image of the source code included in the stolen data.

Stolen data contains confidential Samsung source code, including:

DEVICES/HARDWARE -Source code for every Trusted Applet (TA) installed on all samsung device’s TrustZone (TEE) with specific code for every type of TEE OS (QSEE, TEEGris etc). THIS INCLUDES DRM MODULES AND KEYMASTER/GATEKEEPER!
Algorithms for all biometric unlock operations, including source code that communicates directly with sensor (down to the lowest level, we’re talking individual RX/TX bitstreams here).
Bootloader source code for all recent Samsung devices, including Knox data and code for authentication.
Various other data, confidential source code from Qualcomm.

Source: Lapsus$ gang’s Telegram Channel

Now the company confirmed that the attack resulted in then exposure of sensitive company data.

“There was a security breach relating to certain internal company data,” Samsung told Bloomberg. “According to our initial analysis, the breach involves some source code relating to the operation of Galaxy devices, but does not include the personal information of our consumers or employees. Currently, we do not anticipate any impact to our business or customers. We have implemented measures to prevent further such incidents and will continue to serve our customers without disruption.”

At this time it is not possible to determine the ransom demand make to Samsung by the LAPSUS$ gang.

Recently, the Lapsus$ ransomware gang claimed responsibility for the cyber attack against chipmaker giant NVIDIA. The group announced to have stolen 1 TB of data from the company’s network. The ransomware gang leaked online around 20GB of data, including credentials for all Nvidia employees.

The gang released over 70,000 employee email addresses and NTLM password hashes.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Lapsus$ ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.