Samsung has confirmed that it was the recipient of a data breach that leaked almost 200 gigabytes worth of data for its Galaxy devices, including some of which may include data from Qualcomm.
The statement came after a claim over the weekend that LAPSUS$, a hacking group that stole proprietary information from Nvidia’s networks, had gained access to Samsung data. Samsung did not identify the attackers who compromised its systems and said that measures to prevent further breaches have been put in place, and customers’ personal data was not affected.
“There was a security breach relating to certain internal company data,” Samsung said. “According to our initial analysis, the breach involves some source code relating to the operation of Galaxy devices, but does not include the personal information of our consumers or employees.
Currently, we do not anticipate any impact to our business or customers. We have implemented measures to prevent further such incidents and will continue to serve our customers without disruption.”
Lapsus$ published a description of the upcoming leak, saying that it contains “confidential Samsung source code” originating from a breach.
- source code for every Trusted Applet (TA) installed in Samsung’s TrustZone environment used for sensitive operations (e.g. hardware cryptography, binary encryption, access control)
- algorithms for all biometric unlock operations
- bootloader source code for all recent Samsung devices
- confidential source code from Qualcomm
- source code for Samsung’s activation servers
- full source code for technology used for authorizing and authenticating Samsung accounts, including APIs and services
Lapsus$ split the leaked data in three compressed files that add to almost 190GB and made them available in a torrent, with more than 400 peers sharing the content. The extortion group also said that it would deploy more servers to increase the download speed.
Included in the torrent is also a brief description for the content available in each of the three archives:
- Part 1 contains a dump of source code and related data about Security/Defense/Knox/Bootloader/TrustedApps and various other items
- Part 2 contains a dump of source code and related data about device security and encryption
- Part 3 contains various repositories from Samsung Github: mobile defense engineering, Samsung account backend, Samsung pass backend/frontend, and SES (Bixby, Smartthings, store)