Last Friday Samsung was hacked by the group known as Lapsus$ who had successfully hacked Nvidia in the same week
It was reported on Friday by Bleeping Computer, an information security and technology news publication, that a major Samsung hack allegedly leaked the confidential source code and the biometric unlock algorithm. The hack included source code for the operation of its Galaxy smartphones
Friday's report stated that the Lapsus$ data extortion group leaked a huge collection of confidential data they claim to be from Samsung Electronics, the South Korean giant consumer electronics company.
The leak comes less than a week after Lapsus$ released a 20GB document archive from 1TB of data stolen from Nvidia GPU designer.
In a note posted by the extortion gang, they teased about releasing Samsung data with a snapshot of C/C++ directives in Samsung software.
Shortly after teasing their followers, Lapsus$ published a description of the upcoming leak, saying that it contains "confidential Samsung source code" originating from a breach. The description covered:
- source code for every Trusted Applet (TA) installed in Samsung’s TrustZone environment used for sensitive operations (e.g. hardware cryptography, binary encryption, access control)
- algorithms for all biometric unlock operations
- bootloader source code for all recent Samsung devices
- confidential source code from Qualcomm
- source code for Samsung’s activation servers
- full source code for technology used for authorizing and authenticating Samsung accounts, including APIs and services
Lapsus$ split the leaked data in three compressed files that add to almost 190GB and made them available in a torrent that appears to be highly popular, with more than 400 peers sharing the content. For more on this, read the full report by Bleeping Computer.