Hackers Steal, Publish Purported Samsung Galaxy Smartphone Source Code

The hacking group Lapsus$ is allegedly responsible for obtaining confidential data including the source code that operates Samsung Galaxy smartphones. Samsung confirmed the security breach Monday, although the company did not identify the attacker.

Lapsus$ is the same group that has claimed responsibility for the Nvidia breach reported last week. The incident resulted the theft of more than 71,000 employee credentials, which Lapsus$ published. The group hit Samsung around the same time, and leaked the source code late last week, according to BleepingComputer.

In response to an inquiry from Channel Futures, a Samsung spokesperson provided a statement acknowledging the breach.

“Immediately after discovering the incident, we strengthened our security system,” according to the statement. “According to our initial analysis, the breach involves some source code relating to the operation of Galaxy devices but does not include the personal information of our consumers or employees.”

The group stole roughly 190GB of data from Samsung. However, once unzipped, the uncompressed files amounted to 402GB of data, South Korea-based research provider Pickool reported on Monday. According to the report, the files included source code for Samsung’s new Galaxy S22 and earlier smartphones.

Presuming the data published is accurate, it includes source code for Trusted Applets (TAs) installed on Samsung devices’ Trust Zone. It also includes biometric unlock operations algorithms including the source code that communicates with a device’s sensors. Also unleashed was the bootloader source code for recent Samsung devices, along with the Knox device protection software.

The leaked code could give competitors and edge to non-patented device functions and features. It could also enable hackers to find vulnerabilities in Knox and the software that operates Samsung Galaxy phones, Pickool warned. On the upside, it will help security researchers discover vulnerabilities.

Nvidia Denies Ransom Demand

Nvidia denied reports that Lapsus$ is threatening to publish trade secret including source code for the company’s recent graphic chips. TechCrunch and Telegram are reporting that it isn’t money that the group is demanding. Rather, it wants Nvidia to remove Lite Hash Rate (LHR), a controversial feature that limits the Ethereum mining capabilities of its RTX 30 series graphics cards.

The GPU maker acknowledged the breach in a product security bulletin last week. Nvidia hasn’t posted any updates since March 1. But a Nvidia spokesman responded to an inquiry from Channel Futures stating the company is not aware of any ransomware.

“We are aware that the threat actor took employee credentials and some NVIDIA proprietary information from our systems and has begun leaking it online, according to the statement. “Our team is working to analyze that information.”