Samsung Electronics is scrambling to deal with a potentially devastating security breach. The hacking and extortion group Lapsus$ is claiming credit for the incident, and has already leaked nearly 190GB worth of Samsung data via torrent.
While the full scope of the problem is not yet clear, Samsung has acknowledged that a breach occurred, and that some source code for its flagship Galaxy smartphones was exposed during the attack. That could be devastating for the technology giant, especially if Lapsus$’ own claims about the event prove accurate. In a preview, the group wrote that the leaked files include a wealth of confidential Samsung source code, including the bootloader source code for recent Samsung devices, and all of the algorithms for biometric device unlocking.
The news for Samsung only gets worse from there. Lapsus$ claims to have obtained the source code for every single Trusted Applet in Samsung’s TrustZone environment, which provides encryption and cryptography for highly sensitive operations. Other information potentially captured in the breach includes Samsung’s activation server source code and its API and services source code for authorizing Samsung accounts. Some confidential Qualcomm source code may also have been scooped up in the attack (the Galaxy S21 smartphone features Qualcomm’s second-generation 3D Sonic in-display fingerprint sensor).
If true, the information leaked in the Lapsus$ files could cut right to the core of the entire Galaxy mobile platform. Repairing the damage done to its security foundation would be difficult and expensive, and Samsung would still suffer a severe reputational hit with consumers all over the world.
Samsung, meanwhile, is not Lapsus$’ only target in recent months. The group is threatening to release NVIDIA source code unless the company gets rid of cryptocurrency mining restrictions. It is not yet clear if Lapsus$ made a similar extortion threat to Samsung before moving forward with the file leak.