Samsung Electronics Co. Ltd. today confirmed that it has suffered a data breach in which confidential information was stolen, including the source code for its Galaxy smartphones.
The theft occurred late last week, and the Lapsus$ ransomware gang took credit. Lapsus$ is the same hacking group that was behind the theft of data from Nvidia Corp., as reported on March 1.
Lapsus$ claims to have stolen 190 gigabytes of data, including Trust Applet source code, algorithms for biometric unlock operations, bootloader source code and confidential source code from Qualcomm Inc. The group also claimed to have stolen Samsung activation server source code, Samsung accounts full source code and various other data.
The form of attack that resulted in the data theft is not clear. Lapsus$ is known for ransomware attacks, but that is not the only type of attack the gang carries out. As with Nvidia, the hacking of Samsung may have been a simple data theft and extortion rather than the direct use of ransomware.
Samsung officially refers to the theft as a “security breach relating to certain internal company data.”
“According to our initial analysis, the breach involves some source code relating to the operation of Galaxy devices, but does not include the personal information of our consumers or employees,” Samsung said in a statement reported by Sammobile. “Currently, we do not anticipate any impact on our business or customers. We have implemented measures to prevent further such incidents and will continue to serve our customers without disruption.”
Although it’s a positive for customers that personal information was not stolen, theft of Samsung source code is still quite serious.
“Trojan apps that harvest contacts and credentials from other apps, such as banking apps, are fairly common on Android, but the ability to crack a phone’s biometric data or lock screen has been limited to highly-funded threat actors including state-sponsored espionage,” Casey Bisson, head of product and developer relations at code security company BluBracket Inc., told SiliconANGLE. “The leaked source code could make it substantially easier for lesser-funded threat actors to execute more sophisticated attacks on the most secure features of Samsung’s devices.”
Bisson noted that the stolen code could allow for sophisticated attacks such as breaking through a phone’s lock screen, exfiltrating the data stored in the Samsung TrustZone environment and zero-click attacks that install persistent backdoors into victims’ phones.
Jack Chapman, vice president of threat intelligence at human layer security company Egress Software Technologies Ltd., said that “it’s concerning for an organization to have any data stolen by cybercriminals – but it will be the potential leak of confidential source code that’s keeping Samsung’s executives awake at night.”
“The exposure of such highly confidential, strategic information could be devastating for Samsung and their security teams will be working to ascertain exactly what data was stolen – and whether there might be further leaks to come,” Chapman added.