Hackers Stole Samsung Source Codes: Details
Following reports of the data breach over the past weekend, Samsung confirmed that a hacking and data extortion group dubbed “Lapsus$” was able to steal 190GB worth of internal data from its repositories. The company confirmed it to Bloomberg recently.
“There was a security breach relating to certain internal company data,” Samsung told Bloomberg in a statement. “According to our initial analysis, the breach involves some source code relating to the operation of Galaxy devices, but does not include the personal information of our consumers or employees. Currently, we do not anticipate any impact to our business or customers. We have implemented measures to prevent further such incidents and will continue to serve our customers without disruption,” the company further added.
The statement came after Lapsus$ hackers shared a torrent file, containing 190GB of confidential Samsung source code, to their Telegram channel on Friday. The hacking group claimed that the data could expose the company’s device security systems, and included algorithms for Samsung smartphone authentication and bootloader source code to bypass some OS controls in Galaxy devices.
Now, Samsung says that the data breach will not affect any of its customers as the hackers only stole the source codes and the company’s internal data. Furthermore, the company claims it has implemented improved security measures to prevent such attacks in the future.
However, according to a recent report by Bleeping Computer, the stolen data contains source code for every Trusted Applet (TA) installed in Samsung’s TrustZone environment, confidential source code from Qualcomm, and the full source code for the tech used for authorizing and authenticating Samsung accounts. The publication reports that if the details are accurate enough, it could cause huge damage to the company. So, if you are a Galaxy smartphone user, it is suggested that you keep your device up to date with the latest security patches to avoid losing your personal data to malicious actors.