South Korean tech giant Samsung confirmed today that hackers have succeeded in stealing internal company data and source code for Galaxy devices.
News of the hack first broke earlier this month, with a hacking group called $Lapsus claiming responsibility. The group, which recently hacked Nvidia, shared screenshots showing nearly 200GB of stolen data.
The stolen data included the source code that Samsung used for encryption functions and biometric unlocking across Galaxy devices.
- In today’s statement, Samsung neither confirmed nor denied the identity of the hackers, nor whether or not they stole encryption and biometrics data. But the company said that no personal data of employees or customers was taken.
- “There was a security breach related to some of the company’s internal data,” Samsung said in a statement reported by Bloomberg. The breach according to our initial analysis includes some source code related to the operation of Galaxy devices. But it does not include the personal information of our customers or employees.
- She added, “We do not currently expect any impact on our business or our customers.” We have implemented measures to prevent further such incidents and continue to serve our customers without interruption.
Samsung confirms source code theft
The Samsung leak includes the source code of each trusted TA applet installed in the Samsung TrustZone environment used for sensitive operations (such as hardware encryption, binary encryption, and access control).
It also includes the source code for the boot manager of all recent Samsung devices and the company’s activation servers, as well as the full source code for the technology used to authenticate with Samsung accounts, including APIs and services.
Additionally, the leak includes algorithms for all biometric unlocks and secret source code from Qualcomm.
In the case of the recent NVIDIA hack, hacking group $Lapsus attempted to blackmail the company, threatening to leak data online unless NVIDIA removes crypto-mining specifiers from certain GPUs and makes these video card drivers open source.
It is not clear if $Lapsus has made any threats to the South Korean company in an attempt to blackmail it in exchange for specific concessions.