On Monday, Samsung confirmed a data breach that exposed internal company data relating to its Galaxy line of smartphones.
The incident was first reported at the end of last week, when the data extortion group Lapsus$ leaked nearly 190 GB of data that it claimed was stolen from Samsung Electronics. The same group was also responsible for a data breach at Nvidia last month, when 71,000 employee credentials were stolen, some of which were leaked online after Nvidia refused to meet the group's demands: to open-source its GPU drivers and to remove the Ethereum mining cap on its GPUs.
The group first posted a snapshot of C/C++ directives in Samsung software as a teaser for its followers.
Shortly after, they released a description of the upcoming leak, which included source code for trusted applets installed within TrustZone (which is used for sensitive operations like access control), algorithms for biometric authentication, bootloaders for recent devices, and even confidential data from Samsung’s chip supplier, Qualcomm. The data was later made available in a torrent, with more than 400 peers sharing the content. The group even said that they would deploy more servers to further increase the download speed.
Access to source code can help malicious parties find security vulnerabilities, potentially opening affected devices or systems to exploitation.
A spokesperson for Samsung stated that the security breach involved some internal company data but said that no personal data belonging to customers or employees was included.
“According to our initial analysis, the breach involves some source code relating to the operation of Galaxy devices, but does not include the personal information of our consumers or employees,” Samsung said. “Currently, we do not anticipate any impact to our business or customers. We have implemented measures to prevent further such incidents and will continue to serve our customers without disruption.”
When asked to comment, Qualcomm stated that it is working with Samsung to understand the scope of the incident and to confirm what Qualcomm data was stolen. It also stated that it does not believe that any of its systems or security have been impacted.
Casey Bisson, head of product and developer relations at BluBracket, told Threatpost via email that “If Samsung’s keys were leaked, it could compromise the TrustZone environment on Samsung devices that stores especially sensitive data, like biometrics, some passwords and other details,” adding that “If Samsung has lost control of the signing keys, it could make it impossible for Samsung to securely update phones to prevent attacks on the TrustZone environment.”
Unlike with the group's previous breach of Nvidia, it is unclear whether the group made any demands of Samsung before releasing the data, as Samsung did not mention whether the group made any ransom demands.
In conclusion, Samsung has stated that the data breach has had no impact on its business or its customers, but the contents of the leaked data have serious implications for the security of Samsung Galaxy devices in the future.
REFERENCES
https://thehackernews.com/2022/03/samsung-confirms-data-breach-after.html
Samsung Confirms Lapsus$ Ransomware Hit, Source Code Leak
As a Samsung user, I am slightly concerned about what “the contents of the leaked data has serious implications on the security of Samsung Galaxy devices in the future” entails. I also wonder how the data was stolen in the first place, but it seems like a phishing attack was the culprit.
I wonder if they had any deeper meaning to attack Samsung, since by attacking Nvidia they wanted to remove Ethereum mining caps like you said, which may increase the value of Ethereum, which a lot of cybercriminals get paid in. I wonder what the capabilities of Lapsus$ are and how many members there are, as it seems like they have the capabilities to attack large companies. Although I question their capabilities, like when they said Nvidia counter hacked them. Hopefully no keys were lost, as it could lead to significant vulnerabilities with TrustZone as you said. I wonder how much this will affect Samsung's security going forward, as source code being leaked for some apps in TrustZone could provide an avenue of attack, and since the code is leaked, security vulnerabilities could be more easily found.
I currently use a Samsung device right now, and I have always been a Samsung user. After this post I must say I am somewhat doubting my decisions. Samsung has always been toe to toe with Apple, constantly bringing new changes and new upgrades. I have always heard them talk about their so-called “new camera setup” and brand new chipset, but I have never heard them talk about any new security features. This blog just proves that Samsung’s security is somewhat weak as compared to Apple. However, these things happen and we must give the company to come up with something which would raise our hopes. Great Post!!
Interesting post, I honestly was not aware that Nvidia had a cap on Ethereum regarding their GPUs. I also hadn’t considered the concept of attacking the producers of GPUs for releasing restrictions on cryptocurrencies, however, it makes a lot of sense once you are aware. Personally I use an Apple device (I know, I know using an Apple device while in Comp Sci is sometimes looked down upon) and I enjoy the lack of attention I have to pay to that device's security, however, I do believe that any system is penetrable and that my lack of care for cellular security could harm me in the future. This definitely gives me a new perspective on attacks like these and will keep an eye out in the future for sure!
Interesting read.
It seems like what was leaked was (hopefully) purely infrastructural and design. It’s scary to think that the top South Korean tech giant was able to be breached like this, albeit I do believe their system is set up in layers so this loss is actually quite minimal. Probably even no impact except for image and reputation. Cybersecurity is a real thing, and no tech giant is completely safe proving we need more cybersecurity experts now more than ever before.
This was a pretty interesting post to read. To think that a tech giant got breached, could very well entail dangerous things for the future. Regarding cybersecurity and privacy, no tech company whether big or small is 100% safe, which is terrifying in this day and age with the rapid growth of technology. This post certainly made me realize how easily things could go wrong, and hopefully, more people are aware so that action could be taken if things go wrong.
We all know that Samsung is famous throughout the entire world for their smartphones, digital payments, gadgets and what not. I, myself, am a user of Samsung phones and this blog really got me thinking that was it a wise decision to buy a phone based on its look, specifications but never thought that security could be an issue. This Samsung phone has become my daily driver and these security breaches would mean that all the confidential, personal and professional information could be used by a third party to cause unprecedented harm. Even though Samsung stated none of the stolen data will cause significant damage, but what if Samsung is just covering up to retain customers and its status in the technological market?
As someone with a Samsung phone it is concerning that the source code for their security got leaked. It is interesting that the attackers either did not give any ransom demands or Samsung did not release them to the public. This group of attackers also seem to be targeting large companies with lots of influence and it will be interesting but slightly frightening to see who their next target will be. Hopefully, Samsung tightens up their security and updates their source code to eliminate any possible vulnerabilities that arise from this data breach.
As a Samsung phone user, I always think Samsung’s privacy service is better. Often there is a more secure way to keep highly private files, contacts, and even notes. In this case, however, the leak could be fatal. It is not known whether Samsung will update its system in response to the leak. This may seem difficult, but if the source code of a Samsung device is leaked, the likelihood of an attack on a Samsung device is greatly increased.
Thanks for the great post! It is quite concerning. Even though Samsung said there has been no impact to its business or its customers caused by the data breach. I agree with you that the contents of the leaked data has serious implications on the security of Samsung devices. As Casey Bisson said, if Samsung’s keys are leaked, it can compromise entire TrustZone environment on their device. There are already 400 peers sharing the content through a torrent. Internal company data such as source code for trusted applets, algorithms for biometric authentication, and bootloaders for recent devices can greatly help people with malicious intention to find security vulnerabilities. If someone can find security vulnerabilities and take advantage of this information, it could affect whole Samsung devices, and systems. I hope Samsung finds their ways to protect their system and their users.
I have been using a Samsung phone for a while now and after reading this post I feel scared even though I felt like Samsung’s privacy setting and service were good. Also by hacking Samsung smartphone, they could also have had the stolen data from Qualcomm servers. I also read an article that this Lapsus group attacked a big game company Ubisoft a while ago. I hope everything is back on track for Samsung.
That was an interesting post to read! I can’t believe that the security code for Samsung got leaked so easily!! In this case attacks on Samsung devices will be increased greatly. I believe that there will be a lot of consequences including destruction or corruption of databases. I am amazed at how attackers are finding ways to gain and access others' personal information. I believe that one attack using this source code can be really fatal. Overall, it was a well-written post to read!
Good Post! As an owner of an older model of the Samsung Galaxy phone this information is a little frightening, it might be time to upgrade. Something that stood out to me was that this is the same group that breached Nvidia last month. I find their demands of removing the Ethereum GPU mining cap from Nvidia graphics cards rather hilarious. Imagine successfully attacking and breaching the technology giant Nvidia, successfully gaining access to 71,000 employee credentials, and then simply ransoming them for increased crypto-mining capability. I guess this is a testament to how large and profitable cryptocurrency has become, as this group could have easily requested a lump sum of money instead.
Considering Samsung has the largest market share in mobile phones, it’s quite worrying that the source code for their phones has been leaked. I’m not too worried about new vulnerabilities popping up since the base of their operating system is built on Android as far as I know, something that’s already open source. However, considering the amount of tweaks present in their flavor of Android it’s only natural that there may be some new exploits tailored around Samsung’s OS. The data leaked regarding Qualcomm may still be problematic but I guess only time will tell how this will pan out.
This is a fantastic piece of writing. We’re all familiar with Samsung’s smartphones, digital payments, and gadgets. I, too, own a Samsung phone, and I’m wondering if choosing a phone based entirely on its design and specifications was a wise decision. When selecting a phone, I never thought security to be an issue. This phone has been my everyday mode of transportation, and these security weaknesses mean that a third party might access all of my sensitive and personal information.
Interesting post! It's notable that the group didn’t really mention any motivations for their acts. Considering that they went after Nvidia because of the mining cap on their cards, do you think that there was some other motivation present here, or just a purely blackmail/extortion kind of thing?
Interesting post! As a Samsung fan, I wonder if there is any specific purpose in their attacks since there were no damages (according to Samsung). If what they said was the truth, it is the best result since no customers’ data was leaked. Also, should it be possible for them or other attackers to attack Samsung later on based on the stolen source code?