Samsung Electronics has been hit by a devastating cyberattack that has resulted in a lot of confidential data being leaked online.
Reports mention that Samsung’s confidential source code has been leaked in this attack in addition to other secret data. The hackers have provided a list of all the data that has been leaked in this security breach.
Samsung has lost almost 190GB of secret data
The Lapsus$ group has claimed responsibility for the attack. They published a snapshot of C/C++ directories in Samsung software to show that they would be releasing the data online.
A description of the leak was then published. It mentions source code for every Trusted Applet installed in Samsung’s TrustZone environment used for encryption, access control, hardware cryptography, etc. All of the leaked data adds up to almost 190GB. Lapsus$ has split it into three compressed files that have now been leaked as a torrent online.
Algorithms for all biometric unlock operations, bootloader source code for all recent Samsung devices, secret source code from Qualcomm, source code for Samsung’s activation servers, and the full source code for tech used to authorize and authenticate Samsung accounts, including APIs and services has apparently been leaked.
It’s unclear if Lapsus$ made any demands to Samsung. A report out of South Korea mentions that Samsung officials are assessing the situation. The company hasn’t said anything else about the leak as yet.