According to Lapsus$, they have the “source code for every Trusted Applet (TA) installed in Samsung’s TrustZone environment used for sensitive operations” and “technology used for authorizing and authenticating Samsung accounts”. They also have “algorithms for all biometric unlock operations.” From what we can see, this breach didn’t compromise the personal information of Samsung consumers. And the company did confirm that in a statement to SamMobile. The Korean firm said it has strengthened its security system to avoid future breaches, at least until the next time. Meanwhile, it’s advisable that you update your passwords and enable 2FA (two-factor authentication) for all Samsung services. It’s always a safe practice to periodically change passwords. A statement from Samsung sheds some light on the situation, and it gives us some good news. “…the breach involves some source codes relating to the operation of Galaxy devices but does not include the personal information of our consumers or employees… we do not anticipate any impact to our business or customers.”
Samsung is the latest victim of Lapsus$
Lapsus$ has preyed on several major tech companies over the years. Recently, they stole 1TB of data from GPU designer NVIDIA. They dumped a 20GB archive of the stolen data and demanded a ransom from the company. If not paid, they threatened to release the rest of the data, which could have catastrophic consequences to NVIDIA’s business. Going by this, there’s a possibility that the scale of this Samsung data breach is much bigger than 190GB. We could hear something from Lapsus$ over the next few days if they plan to extort any money from the Korean behemoth. As for Samsung, this breach could have serious ramifications regardless of whether it has to pay any ransom. As the new report notes, leaked source code is never a good thing. Its rivals could get insight into the company’s business structures and strategies, which could have long-term impacts on its business. Worse yet, this comes at a time when Samsung shareholders are demanding a leadership change following an unfortunate turn of events recently. The company first lost a chip manufacturing contract from Qualcomm, which has triggered an investigation into potential fraud. Samsung was also recently caught throttling the performance of many popular apps on its devices. The upcoming Samsung shareholders meeting on March 16 may be an interesting one to look forward to.