When you are talking about phone security, Samsung has always been talking about the security measures that the company has, especially when you are talking about Samsung Knox that is available on Samsung Galaxy phones and other products. However, in this world, no one really is immune from security breaches and Samsung has now confirmed that it went through a massive breach.
Samsung in Trouble as the Source Code for Galaxy Phones Has Been Stolen
Samsung confirmed the security breach to Bloomberg and stated “According to our initial analysis, the breach involves some source code relating to the operation of Galaxy devices but does not include the personal information of our consumers or employees. Currently, we do not anticipate any impact to our business or customers. We have implemented measures to prevent further such incidents and will continue to serve our customers without disruption.”p
Data extortion group called ‘Lapsus$’ went ahead and published a collection of confidential data over the weekend that totaled almost 190GB. According to Bleeping Computer, the leak includes source code for Trusted Applet code which is used for sensitive operations like hardware cryptography, bootloader source code, code from Qualcomm, Samsung account authorization/authentication code, and more.
For those who don't know, ‘Lapsus$’ is the same group that released Nvidia's stolen data at the end of last month and threatened to release more stolen information unless the company removed the LHR from their GPUs.
Samsung's stolen data was released in three parts.
- Part 1: Source code and related data about Security/Defense/Knox/Bootloader/TrustedApps
- Part 2: Source code and related data about device security and encryption
- Part 3: Repositories from Samsung Github, including mobile defense engineering, Samsung account backend, Samsung pass backend/frontend, and SES (Bixby, Smartthings, Galaxy Store)
Thankfully, at the moment, Samsung Galaxy users have nothing to worry about as there is nothing dangerous about using open-source software and the same goes for the source code for proprietary software. Still, you should make sure that you are always keeping your device up to date.