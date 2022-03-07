



Samsung confirmed a security breach after a hacker obtained and leaked about 200 gigabytes of sensitive data, including source code for various technologies and algorithms for unlocking biometrics.

The Lapsus $ hacking group was liable for the breach by the same group that broke into Nvidia and subsequently published the credentials of thousands of employees online. Lapsus $ claims in a Telegram channel post that he got the source code for a trusted applet installed in the Samsung TrustZone environment. This is the algorithm for all biometric unlock operations used by Samsung mobile phones to perform sensitive operations, and the boot loader source code for all recent Samsung Galaxy. device.

The stolen data is said to include sensitive data from US chipmaker Qualcomm, which provides chipsets for Samsung smartphones sold in the United States.

Access to source code helps threat attackers find security vulnerabilities that may not be easily found otherwise, exposing affected devices and systems to exploitation and data breaches. There is sex.

Samsung and Qualcomm spokespersons did not respond immediately when asked to comment, but in a statement shared with Bloomberg, Samsung confirmed a security breach related to certain internal data, but hackers said. He said he had never accessed the personal data of customers or employees.

According to a Samsung statement, the breach contains source code related to the operation of the Galaxy device, but does not include personal information of consumers or employees, according to the initial analysis. “Currently, we do not anticipate any impact on our business or customers. We will continue to take measures to prevent such a situation and provide services without causing any inconvenience to our customers. To go.

It’s not yet clear if Lapsus $ demanded a ransom from Samsung before leaking the data. This is similar to the increasingly weird demands aimed at Nvidia. The gang has asked US chip makers to disable the controversial Lite Hash Rate (LHR) feature and open source graphics chip drivers for macOS, Windows, and Linux devices.

The deadline came in and out on Friday, but hacking groups haven’t chased the threat yet.

