Hackers stole Samsung Galaxy source code

March 13, 2022

The hacking group LAPSUS$ claimed that it has stolen 190 GB of Samsung’s confidential data

Samsung has confirmed that it was hacked by LAPSUS$, a well-known hacking group, which has managed to steal the source code used in Galaxy devices.

The hackers managed to steal almost 190 GB of confidential data, including the source code of many technologies, as well as algorithms from biometric functions to unlock devices. LAPSUS$ had recently hacked Nvidia as well and released the personal data of thousands of its employees.

The hacking group claimed responsibility for the cyberattack in Samsung by making a post on Telegram. Within this post, the hackers reported they had gained access to the source code of confidential software installed on Samsung devices in the TrustZone environment, which performs sensitive operations on the South Korean company’s smartphone operating system.

According to LAPSUS$ the stolen data also contains confidential information from chipmaker Qualcomm, which supplies Samsung for mobile phones it sells in the US, as well as full source code for technology used for authorizing and authenticating Samsung accounts, including APIs and services

The hacking group leaked data in three compressed files and made them available in a torrent, which became highly popular within a few hours after its release. LAPSUS$ also provided a brief description of the content included in the torrent file.

As they pointed out, in the first file there was a dump of source code and related data about Security/Defense/Knox/Bootloader/TrustedApps and various other items. In the second file, there was a dump of source code and related data about device security and encryption and the third file contained various repositories from Samsung Github: mobile defense engineering, Samsung account backend, Samsung pass backend/frontend, and SES (Bixby, Smart-things, store, etc.,).

The cyberattack caused great concern to users of Samsung Galaxy mobile phones, as access to such sensitive data stressed a significant vulnerability to Samsung’s security and data protection policy. Analysts highlighted that having access to Samsung source code is evidence of vulnerability and as they pointed out it is something that can help potential attackers to better understand how the different components of Samsung’s code operate and identify flaws in their implementations.

Samsung confirmed the attack

Samsung has confirmed the security breach however it claimed that no personal data was leaked, neither from its employees nor its customers. Also, the company assured that a set of specific measures have already been taken to prevent any further breaches.

“There was a security breach relating to certain internal company data. According to our initial analysis, the breach involves some source code relating to the operation of Galaxy devices but does not include the personal information of our consumers or employees. Currently, we do not anticipate any impact on our business or customers. We have implemented measures to prevent further such incidents and will continue to serve our customers without disruption,” Samsung noted.

So far it is not clear whether LAPSUS$ contacted Samsung to make any demands before leaking the confidential source code originating from the breach, as they did in the case of the Nvidia leak.