South Korean technology company Samsung has confirmed that it suffered a security breach in its system. The hackers obtained, and then leaked, about 200GB of confidential data.
“According to our initial analysis, the breach involves some source code relating to the operation of Galaxy devices, but does not include the personal information of our consumers or employees,” Samsung told Bloomberg.
Although Samsung did not name any hacker as responsible, the hacking group LAPSUS$ had, prior to Samsung's statement confirming the breach, posted a public notice in its Telegram group claiming responsibility for the data theft from Samsung’s servers.
In its Telegram post, the group claims to have obtained source code for trusted applets installed in Samsung’s TrustZone environment, which Samsung phones use to perform sensitive operations.
The code also contains algorithms for all biometric unlock operations, as well as bootloader source code for all recent Samsung Galaxy devices.
The LAPSUS$ hacking group, which came into the limelight in December 2021, is known to have attacked other organizations before.
Last month, the group infiltrated Nvidia and subsequently published online thousands of employee credentials, schematics, driver source code, and information pertaining to the latest graphics chips.
The group also told Nvidia to open-source its GPU drivers forever and to remove its Ethereum cryptocurrency mining cap from all Nvidia 30-series GPUs in order to prevent more leaks.
Responding to the breach, Samsung said it would not have an impact on its users, and that it has taken measures to prevent a recurrence.
“Currently, we do not anticipate any impact to our business or customers. We have implemented measures to prevent further such incidents and will continue to serve our customers without disruption,” Samsung said.
There is also speculation that the code stolen from Samsung might include confidential data from one of Samsung’s major chip-making partners, Qualcomm. However, Qualcomm has not expressly confirmed any loss of its data.
“We take these claims very seriously and are working expeditiously with Samsung to understand the scope of the incident, as well as to confirm what Qualcomm data, if any, has been impacted. We have no reason to believe that Qualcomm systems or security were impacted as a result of this reported incident,” Qualcomm spokesperson, Clare Conley, said.
Neither Samsung nor LAPSUS$ has said anything about a ransom before or after the attack, but the hacking group told Qualcomm to disable its controversial Lite Hash Rate (LHR) feature and demanded it open-source its graphics chip drivers for macOS, Windows and Linux devices.