It appears that data extortion group Lapsus$ has managed to leak 190GB of sensitive data from Samsung. The group had previously leaked a 20GB document file from 1TB of data stolen from Nvidia.
The extortion group mocked the data release with a snapshot of the C/C++ directives in Samsung software. According to Lapsus$, the upcoming leak contains "confidential Samsung source code" that originates from a breach.
What's in the Samsung secret data leak?
According to computer beepthe leaked data contains the following sensitive information.
- Source code for each Trusted Applet (TA) installed in the Samsung TrustZone environment used for sensitive operations (eg, hardware cryptography, binary encryption, access control)
- Algorithms for all biometric unlocking operations
- Bootloader source code for all recent Samsung devices
- Confidential Qualcomm Source Code
- Source code for Samsung activation servers
- Full source code of the technology used to authorize and authenticate Samsung accounts, including APIs and services
This is by far one of the biggest data leaks Samsung has ever seen. The Lapsus$ data extortion group also split the data into three compressed files and uploaded them via torrent. The torrent also offers a brief description of the content available in each of the three files.
- Source code and related data on Security/Defense/Knox/Bootloader/TrustedApps and various other items
- Source code and data related to device security and encryption
- Samsung Github Repositories: Mobile Defense Engineering, Samsung Account Backend, Samsung Pass Backend/Frontend, and SES (Bixby, Smartthings, Store)
Last week, the group demanded a ransom from Nvidia in exchange for the data. Not sure if that's the case for Samsung or not. Samsung officials are assessing the situation, but the company has yet to say anything more about the leak.
