Hackers have stolen Samsung’s source code and biometric unlocking algorithms for its Galaxy devices, compromising sensitive hardware controls and creating a potential security nightmare.
The South Korean electronics giant told CRN in a statement that there was “a security breach relating to certain internal company data,” involving 190 gigabytes of sensitive Samsung data, which was first reported by BleepingComputer.
Lapsus$ posted on its official Telegram account that it had leaked source code for trusted applets, algorithms for biometric unlock operations, bootloader source code for all recent Samsung devices, authentication codes, confidential source code from Qualcomm, and more.
Lapsus$, which also breached Nvidia and leaked credentials of their employees, has not made any public demands yet from Samsung. The group demanded ransom from Nvidia, which then hacked Lapsus$ and installed ransomware of its own. Samsung acknowledged the hack to Bloomberg, only to say they are currently “assessing” the breach.
“There was a security breach relating to certain internal company data,” Samsung told CRN in a statement. “According to our initial analysis, the breach involves some source code relating to the operation of Galaxy devices, but does not include the personal information of our consumers or employees. Currently, we do not anticipate any impact to our business or customers. We have implemented measures to prevent further such incidents and will continue to serve our customers without disruption.”
The hack is the latest in a series of Samsung hiccups. In late February, researchers at Tel Aviv University discovered a security flaw that may affect 100 million Samsung phones already shipped. That report claimed there was a specific problem with Samsung’s TrustZone system that stores cryptographic keys to protect sensitive information.
Samsung just announced the release of its latest line of Galaxy devices in February. Samsung stock was trading down early Monday afternoon, at 1,174 euros per share, a 3.45 percent drop on the day.