top of page
Writer's pictureNexix Security Labs

Hackers leak 190 GB of alleged Samsung data and source code


Recently, the data extortion gang Lapsus$ published a massive collection of confidential data, claiming to be from Samsung Electronics, the South Korean consumer electronics behemoth.


Lapsus$ released a 20GB document collection from 1TB of data taken from Nvidia GPU designer less than a week ago.



The extortion gang teased about revealing Samsung data with a snapshot of C/C++ instructions in Samsung software in a previous note.


Lapsus$ issued a summary of the imminent leak shortly after tantalizing their followers, claiming that it contained "secret Samsung source code" stemming from a breach.

  • Source code for every Trusted Applet (TA) installed in Samsung’s TrustZone environment used for sensitive operations (e.g. hardware cryptography, binary encryption, access control)

  • Algorithms for all biometric unlock operations

  • Bootloader source code for all recent Samsung devices

  • Confidential source code from Qualcomm

  • Source code for Samsung’s activation servers

  • Full source code for technology used for authorizing and authenticating Samsung accounts, including APIs and services

If the information above is correct, Samsung has had a big data breach that could result in significant financial loss.


Lapsus$ divided the disclosed data into three compressed files totaling about 190GB and uploaded them to a torrent that appears to be very popular, with over 400 peers spreading the content. The extortion organization further stated that it would boost the download speed by deploying more servers.

A brief explanation of the content contained in each of the three vaults is also included in the torrent:


Part 1 contains a source code dump as well as other information about Security/Defense/Knox/Bootloader/TrustedApps and other topics.


Part 2 includes a source code dump as well as info on device security and encryption.


Samsung GitHub repositories for mobile defensive engineering, Samsung account backend, Samsung pass backend/frontend, and SES are all included in Part 3. (Bixby, Smartthings, store)


It's unknown if Lapsus$ attempted to contact Samsung for a ransom, like they did with Nvidia.


For more information visit us on: www.nexixsecuritylabs.com


To schedule an audit you can contact us at: contact@nexixsecuritylabs.com


Your Security | Our Concern



Recent Posts

See All

Comments


bottom of page