Samsung data breach: Lapsus$ gang stole Galaxy devices’ source code

Pierluigi Paganini March 09, 2022

Samsung confirmed that threat actors had access to the source code of its Galaxy smartphones in recent security breach.

Samsung this week disclosed a data breach, threat actors had access to internal company data, including the source code of Galaxy models.

Last week the Lapsus$ ransomware gang claimed to have stolen a huge trove of sensitive data from Samsung Electronics and leaked 190GB of alleged Samsung data as proof of the hack.

The gang announced the availability of the sample data on its Telegram channel and shared a Torrent file to download it. They also shared an image of the source code included in the stolen data.

Stolen data contains confidential Samsung source code, including:

  • DEVICES/HARDWARE -Source code for every Trusted Applet (TA) installed on all samsung device’s TrustZone (TEE) with specific code for every type of TEE OS (QSEE, TEEGris etc). THIS INCLUDES DRM MODULES AND KEYMASTER/GATEKEEPER!
  • Algorithms for all biometric unlock operations, including source code that communicates directly with sensor (down to the lowest level, we’re talking individual RX/TX bitstreams here).
  • Bootloader source code for all recent Samsung devices, including Knox data and code for authentication.
  • Various other data, confidential source code from Qualcomm.
Samsung Electronics
Samsung Electronics
Source: Lapsus$ gang’s Telegram Channel

Now the company confirmed that the attack resulted in then exposure of sensitive company data.

“There was a security breach relating to certain internal company data,” Samsung told Bloomberg. “According to our initial analysis, the breach involves some source code relating to the operation of Galaxy devices, but does not include the personal information of our consumers or employees. Currently, we do not anticipate any impact to our business or customers. We have implemented measures to prevent further such incidents and will continue to serve our customers without disruption.”

At this time it is not possible to determine the ransom demand make to Samsung by the LAPSUS$ gang.

Recently, the Lapsus$ ransomware gang claimed responsibility for the cyber attack against chipmaker giant NVIDIA. The group announced to have stolen 1 TB of data from the company’s network. The ransomware gang leaked online around 20GB of data, including credentials for all Nvidia employees.

The gang released over 70,000 employee email addresses and NTLM password hashes.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Lapsus$ ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment