Date: 2022-03-08

A hacker group managed to access Samsung’s internal and confidential data related to Galaxy line devices. The purpose of the action is not yet known, but, in theory, the information in the possession of cybercriminals would allow the company’s cell phones to be unlocked.

It is estimated that nearly 200 GB of material has been leaked, containing algorithms for hardware encryption (security layer), binary encryption (the number system used in computing, 0 and 1) and access control.

The South Korean giant confirmed the intrusion but did not speak about the extent of the attack. In a note sent to Tilt, it said that the personal information of its customers and employees was not affected.

“We were recently informed that there was a security breach related to certain internal company data. Immediately after the incident was discovered, we strengthened our security system,” the statement reads.

“According to our initial analysis, the breach involves some source code related to the functioning of Galaxy devices, but does not include the personal information of our consumers or employees.”

Despite having acknowledged the breach, the company has not confirmed whether the Lapsus$ group, which claims the action, was really the author of the attack. The network of hackers is the same one that claims to have stolen up to 1 terabyte (equivalent to a thousand gigabytes) of sensitive information, allegedly including industrial secrets, from the company Nvidia, known for making video cards (among other technologies) for games.

What data was leaked?

The Lapsus$ hacker group says it has made available 190 GB of leaked Samsung data divided into three torrent files. Torrent is a connection protocol that lets you download large files in parts by creating a network of connected computers, which optimizes download time.

Along with the files, there is also a brief description of the content available in each part:

Part 1: Contains source code and data related to security and defense, Knox, bootloader, Trusted Apps and many other items

Part 2: Contains source code and related data on security and encryption of Galaxy devices

Part 3: Contains various mobile device defense engineering data, Samsung Account backend (internal process) code, and Samsung Pass frontend (the part that the user sees) and backend code

Knox (or My Knox) is an application developed by Samsung to encrypt sensitive data such as credit transactions and passwords.

The bootloader is a snippet of code that tells the cell phone how it should be booted. Many Android users unlock the bootloader to customize the installed operating system.

Trusted Apps is the system the company uses to ask you to confirm that you trust the app that has been installed.

Finally, there is Samsung Pass source code data, which uses biometric data to unlock the phone and unlock apps and services. This data would be hosted on GitHub, a source code and file hosting platform with version control.

What do hackers want?

The motivation of the cybercriminals behind the attack and the Samsung data leak is unclear. Unlike the recent attack on the Nvidia company, which took place less than a week ago, the Lapsus$ group apparently made no demands or blackmail.

In the case of the US company, the hackers demanded that code that limits certain graphics processors (GPUs) from mining cryptocurrencies be removed. A year ago, Nvidia adopted a function called LHR, which stands for “low hash rate”.

This hash rate measures the number of operations a cryptocurrency mining network is capable of performing. The idea was to prevent GPUs from being used for purposes other than gaming, so that there would be no shortage of the product on the market. Another line of processors, aimed at mining cryptocurrencies, has also been launched, but there are always those who want to do both.

*With information from Bloomberg, The Verge, Bleeping Computer and TechCrunch