Lapsus$ leaks 190GB data from Samsung; company confirms data breach


After terrorising Nvidia last week by stealing their employee credentials and leaking data, the Lapsus$ group has now targeted Samsung, breaching their network and stealing confidential information, including the source code present in its Galaxy smartphones.

The leaked cache also includes details about the Trusted Applet in Samsung’s TrustZone environment, responsible for data-sensitive operations like hardware cryptography, access control and binary encryption. 

As reported by BleepingComputer last week, Lapsus$ leaked about 190GB of data they claimed to have stolen from Samsung, along with a description of the contents. The company finally confirmed the data breach in a statement to Bloomberg on Monday; however, it did not say whether the attackers have made any demands, as they did in Nvidia’s case.

Samsung in more trouble than Nvidia?

The data leak by Lapsus$ included the following.

  • Source code for every Trusted Applet in Samsung’s TrustZone environment.
  • Source code for Samsung’s activation servers.
  • Confidential source code from Qualcomm.
  • Bootloader source code from recent Samsung devices.
  • Full source code for the backend tech used to authorise and authenticate Samsung accounts (including APIs and services).
  • Algorithms for all biometric unlock operations. 

The group had split the leaked data into three separate compressed files adding up to 190GB, and put them in a torrent with over 400 peers sharing the content. The group has also promised to deploy more servers to speed up downloads.

The torrent description reveals the contents of each part. The first part is a source code dump for Security, Defence, Knox, Bootloader, TrustedApps, and any related data. Part two contains source code about device security and encryption. Part three is a collection of GitHub repositories about Samsung’s mobile defence engineering, account backends, Samsung Pass backend/frontend and SES, including Bixby, SmartThings and the Samsung store.

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.
