It seems that the Lapsus$ data extortion group has managed to leak 190GB of confidential Samsung data. The group had previously leaked a 20GB document archive from 1TB of data stolen from Nvidia.
The extortion group teased the release with a snapshot of C/C++ directives in Samsung software. According to Lapsus$, the upcoming leak contains “confidential Samsung source code” originating from a breach.
What’s in the Samsung secret data leak?
According to Bleeping Computer, the leaked data contains the following sensitive information.
- Source code for every Trusted Applet (TA) installed in Samsung’s TrustZone environment used for sensitive operations (e.g. hardware cryptography, binary encryption, access control)
- Algorithms for all biometric unlock operations
- Bootloader source code for all recent Samsung devices
- Confidential source code from Qualcomm
- Source code for Samsung’s activation servers
- Full source code for technology used for authorizing and authenticating Samsung accounts, including APIs and services
This is one of the major data leaks Samsung has ever seen. The Lapsus$ data extortion group has also split the data into three compressed files and uploaded them via torrent. The torrent also gives a brief description of the content available in each of the three files.
- Source code and related data about Security/Defense/Knox/Bootloader/TrustedApps and various other items
- Source code and related data about device security and encryption
- Repositories from Samsung GitHub: mobile defense engineering, Samsung account backend, Samsung Pass backend/frontend, and SES (Bixby, SmartThings, store)
Last week, the group demanded a ransom from Nvidia in exchange for the data. It is not clear whether that is also the case for Samsung. Samsung officials are assessing the situation, but the company hasn’t said anything else about the leak yet.