After the NVIDIA case last week, there appears to be no respite in the digital world, and the Lapsus$ group is once again the center of attention. This time the victim is Samsung, which has been the target of a massive data theft that has been leaked via torrent, putting millions of Samsung smartphones at risk.
The information that is reported to have been stolen and published includes:

- Source code for every Trusted Applet (TA) used for sensitive tasks in Samsung's TrustZone environment (e.g. hardware cryptography, binary encryption, access control)
- Algorithms for unlocking biometrics in general
- All recent Samsung smartphones' bootloader source code
- Qualcomm's confidential source code
- Samsung's activation servers source code
- The complete source code for the technology that authorizes and authenticates Samsung accounts, including APIs and services

However, unlike the NVIDIA case, the 190GB of data stolen from Samsung was only made available through torrents. The hack is extremely risky because Samsung's TrustZone section contains highly sensitive data.
Furthermore, having access to the source code could allow attackers to discover security flaws before Samsung can patch them (no system is 100 percent secure, and 0-day patches are proof of this).
The disclosure of all the material is still surprising because, in general, these groups demand a ransom and only disclose the material in their possession if they are not paid. We'll see whether there is any fresh information in the coming hours and days; nonetheless, it is apparent that the story will garner a lot of attention, and Samsung will have to come up with new measures to secure the data of millions of potential customers.
Last Friday, NVIDIA confirmed that it had begun investigating an "incident" involving the malfunction of certain services, including the internal email system and certain developer tools, without providing further details; however, according to internal Telegraph sources, an intrusion into the company's computer systems reportedly occurred two days prior, "completely compromising" them.
The LAPSUS$ hacking group claimed responsibility for the attack, claiming to have stolen over 1 TB of proprietary material and threatening to publish sensitive information such as passwords and employee accounts. The accompanying proof was scant: a series of screenshots that, at least from the outside, did not allow the authenticity of the claims to be definitively confirmed.