DecryptedTech

Friday, 19 August 2022

Samsung Might be the Next Victim of the Same Group that Hacked NVIDIA



The Lapsus$ group, the same one that broke into NVIDIA, stole corporate data, and had its attack VM encrypted, appears to have also broken into Samsung. Lapsus$ has leaked what they claim to be source code for several sensitive applications, including apps that run in the TrustZone on Samsung mobile devices.

This leak comes on the heels of a 20GB leak of NVIDIA data that included details of NVIDIA’s DLSS feature. Unlike the leak from NVIDIA, the Samsung leak does not have an exciting story of being “hacked back” nor references to crypto mining (at this stage). In fact, at the time of this writing, we are not even sure that Samsung was contacted by the group before the leak.

The leak is reportedly 190GB of confidential data that has been split into 3 parts. It is available via a torrent that, according to Bleeping Computer, has about 400 peers sharing it. If the description is accurate, it contains the following data:

source code for every Trusted Applet (TA) installed in Samsung’s TrustZone environment used for sensitive operations (e.g. hardware cryptography, binary encryption, access control)
algorithms for all biometric unlock operations
bootloader source code for all recent Samsung devices
confidential source code from Qualcomm
source code for Samsung’s activation servers
full source code for technology used for authorizing and authenticating Samsung accounts, including APIs and services

This leak, if real, represents a severe breach and data loss for Samsung. It is also a danger for any users of Samsung products. There is no official word from Samsung on the veracity of the leaked data, or indeed any information about the incident at all other than what has been published by the Lapsus$ group themselves. There has also not been a detailed analysis of the leaked data to see if it stands up.

We will keep you up to date as we find out more.
Updated information - Samsung Confirms Breach

Last modified on Monday, 07 March 2022 12:26
