After terrorising Nvidia last week by stealing its employee credentials and leaking data, the Lapsus$ group has now targeted Samsung, breaching its network and stealing confidential information, including source code used in its Galaxy smartphones.
The leaked cache also includes details about the Trusted Applet in Samsung’s TrustZone environment, responsible for data-sensitive operations like hardware cryptography, access control and binary encryption.
As reported by BleepingComputer last week, Lapsus$ leaked about 190GB of data they claimed to have stolen from Samsung, along with a description of the contents. The company finally confirmed the data breach in a statement to Bloomberg on Monday; however, it did not say whether the attackers have made any demands, as they did in Nvidia’s case.
Samsung in more trouble than Nvidia?
The data leak by Lapsus$ included the following:
- Source code for every Trusted Applet in Samsung’s TrustZone environment.
- Source code for Samsung’s activation servers.
- Confidential source code from Qualcomm.
- Bootloader source code from recent Samsung devices.
- Full source code for the backend tech used to authorise and authenticate Samsung accounts (including APIs and services).
- Algorithms for all biometric unlock operations.
The group had split the leaked data into three separate compressed files adding up to 190GB, and put them in a torrent with over 400 peers sharing the content. The group has also promised to deploy more servers to speed up downloads.
The torrent description reveals the contents of each part. The first part is a source code dump for Security, Defence, Knox, Bootloader, TrustedApps, and any related data. Part two contains source code about device security and encryption. Part three is a collection of GitHub repositories about Samsung’s mobile defence engineering, account backends, Samsung Pass backend/frontend and SES, including Bixby, SmartThings and the Samsung store.