Jump to content
  • Hackers leak 190GB of alleged Samsung data, source code


    Karlston

    • 870 views
    • 2 minutes
     Share


    • 870 views
    • 2 minutes

    The Lapsus$ data extortion group leaked today a huge collection of confidential data they claim to be from Samsung Electronics, the South Korean giant consumer electronics company.

     

    The leak comes less than a week after Lapsus$ released a 20GB document archive from 1TB of data stolen from Nvidia GPU designer.

    Gang teases Samsung data leak

    In a note posted earlier today, the extortion gang teased about releasing Samsung data with a snapshot of C/C++ directives in Samsung software.

     

    LapsusSamsungTease.jpg

     

    Shortly after teasing their followers, Lapsus$ published a description of the upcoming leak, saying that it contains “confidential Samsung source code” originating from a breach.

     

    • source code for every Trusted Applet (TA) installed in Samsung’s TrustZone environment used for sensitive operations (e.g. hardware cryptography, binary encryption, access control)
    • algorithms for all biometric unlock operations
    • bootloader source code for all recent Samsung devices
    • confidential source code from Qualcomm
    • source code for Samsung’s activation servers
    • full source code for technology used for authorizing and authenticating Samsung accounts, including APIs and services

     

    If the details above are accurate, Samsung has suffered a major data breach that could cause huge damage to the company.

     

    Lapsus$ split the leaked data in three compressed files that add to almost 190GB and made them available in a torrent that appears to be highly popular, with more than 400 peers sharing the content. The extortion group also said that it would deploy more servers to increase the download speed.

     

    LapsusSamsungLeak.jpg

     

    Included in the torrent is also a brief description for the content available in each of the three archives:

     

    • Part 1 contains a dump of source code and related data about Security/Defense/Knox/Bootloader/TrustedApps and various other items
    • Part 2 contains a dump of source code and related data about device security and encryption
    • Part 3 contains various repositories from Samsung Github: mobile defense engineering, Samsung account backend, Samsung pass backend/frontend, and SES (Bixby, Smartthings, store)

     

    It is unclear if Lapsus$ contacted Samsung for a ransom, as they claimed in the case of Nvidia.

     

    BleepingComputer has contacted Samsung for a statement about the Lapsus$ data leak and will update the article when the company replies.

     

    This is developing story

     

     

    Hackers leak 190GB of alleged Samsung data, source code


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...