Samsung confirms hackers stole source code for Galaxy phones
Samsung often speaks highly of its security measures, especially around the Samsung Knox technology available on Galaxy devices and other products, but no company (or government) is immune to security breaches. Samsung confirmed on Monday that it suffered a significant breach, following reports over the weekend of a leak by a data extortion group.
Samsung confirmed the security breach to Bloomberg on Monday, saying “According to our initial analysis, the breach involves some source code relating to the operation of Galaxy devices, but does not include the personal information of our consumers or employees. Currently, we do not anticipate any impact to our business or customers. We have implemented measures to prevent further such incidents and will continue to serve our customers without disruption.”
Data extortion group ‘Lapsus$’ published a collection of confidential data over the weekend, totaling almost 190GB, according to Bleeping Computer. The leak reportedly includes source code for Trusted Applet (TA) code used for sensitive operations (e.g. hardware cryptography), bootloader source code, code from Qualcomm, Samsung account authorization/authentication code, and more.
The same group also reportedly released stolen data from NVIDIA at the end of February, threatening to release more stolen information unless the company removed LHR (which limits how effective they are at mining cryptocurrency) from its graphics cards. NVIDIA told The Verge in a statement, “shortly after discovering the incident, we further hardened our network, engaged cybersecurity incident response experts, and notified law enforcement. We have no evidence of ransomware being deployed on the NVIDIA environment or that this is related to the Russia-Ukraine conflict.”
The data released would be considered highly sensitive to Samsung, and it’s possible that it may make it easier for threat actors to identify exploits within the affected components in the future. While it’s true that having the source code itself is not a vulnerability, it can help potential attackers understand how these different components work and identify flaws in their implementations.
The data was released in three parts, as outlined by Bleeping Computer:
- Part 1: Source code and related data about Security/Defense/Knox/Bootloader/TrustedApps
- Part 2: Source code and related data about device security and encryption
- Part 3: Repositories from Samsung Github, including mobile defense engineering, Samsung account backend, Samsung pass backend/frontend, and SES (Bixby, Smartthings, Galaxy Store)
At the moment, device owners have nothing to worry about. There’s nothing inherently dangerous with using open-source software, and the same goes for when source code for proprietary software gets leaked. Nevertheless, always make sure your devices are kept up to date with the latest security patches and software updates.