Samsung: 190 GB of stolen data ends up on the network

After NVIDIA it’s up to Samsung. The group of cybercriminals Lapsus $, which stole 1 TB of data from the American company last week, has targeted the Korean giant, declaring that stealing 190 GB of information coming from the smartphone division.

Samsung: 190 GB of data stolen

The data stolen from Samsung has already been published and are available for download on torrent circuits, zipped and divided into 3 parts.
The damage for the Korean giant is enormous: the 190 GB seem to contain the source code of all systems installed in the Samsung TrustZone, that is the area that manages hardware encryption, access controls and algorithms related to biometric unlocking. The torrent should also include the bootloader code, the data – confidential – that Qualcomm has provided to Samsung for software creation and even information about the servers that manage device activation, authorization and authentication of Samsung accounts.
In addition there seems to be a whole part with the codes of the various security and defense systems – including KNOX – and a backup that includes a little bit of everything from Bixby to Smarthings to backend servers for Samsung services.

All this could make life easier for hackers, allowing them to find bugs to exploit to access Samsung devices.

Has Samsung not paid the ransom?

As anticipated at the beginning, last week Lapsus $ did the same thing with NVIDIA. The theft in that case amounted to 1 TB of data but only 20 GB actually ended up online. This is because the hacker group has asked for a rather unusual ransom: to eliminate the mining limiter present in the GPU, so as to increase the production of cryptocurrencies, and to release opensource drivers for Windows, Mac and Linux.

The official position of NVIDIA is not clear but the negotiations may be underway considering that only part of the information has ended up on the net.

In the case of Samsung, on the other hand, all the data has been uploaded to torrent circuits, perhaps a sign of a clear refusal by the company to pay a ransom.

UPDATE AT 11.00

Samsung’s official statement follows:
“We found that a recent cyber attack affected some internal company data. As soon as we learned of the attack, we strengthened our security system.
Based on our initial analyzes, the attack affects some source codes related to Galaxy device operations, but does not affect the personal information of our customers or employees.
We currently do not anticipate any impact on our businesses or customers.
We have put in place various measures to prevent episodes of this type and we will continue to always be at the service and available to our customers. “