NVIDIA Hackers Lapsus$ Behind 190GB Samsung Data Breach, Galaxy Hack
The bad news is that Samsung has now confirmed that a criminal group has indeed managed to breach security and steal code related to the operation of Galaxy smartphones. The good news is that customer data does not appear to have been breached and Samsung says it does not anticipate any impact to its business or customers.
The fact that the 190GB of data that appears to have been stolen includes, according to the cybercriminal group behind the incident, the Galaxy biometric authentication algorithms and the source code of the bootloader is, however, not really reassuring.
Here’s what we know so far.
When was Samsung hacked?
Although a precise timeline has yet to be established, news of the massive hack first surfaced on March 4 after the criminals, a cyber-extortion gang known as Lapsus$, published a teaser regarding the Samsung data it was about to leak. Bleeping Computer reported that the allegedly stolen code, 190GB in total, included the source of trusted applets running in the smartphone’s TrustZone environment.
If this sounds familiar, it’s because security researchers recently disclosed serious vulnerabilities in the cryptographic design and code structure of the TrustZone Operating System (TZOS), which is part of the Trusted Execution Environment (TEE) of Galaxy smartphones. The two things seem linked, I might add, only by coincidence.
The Lapsus$ teaser didn’t stop there, however, claiming that biometric unlocking algorithms, bootloader source code, and Samsung activation server code (used for first-time setup of the device) had also been exfiltrated.
When was the Samsung hack confirmed?
Confirmation of the hack finally came, through a statement to Bloomberg on March 7.
“Based on our initial analysis, the breach involves source code relating to the operation of Galaxy devices but does not include the personal information of our consumers or employees,” the statement confirmed. It also said that, at least as of March 7, Samsung “anticipated no impact on our business or our customers,” and concluded that the smartphone giant had measures in place to prevent any further incidents like this.
I have contacted Samsung and will update this article when I have more information to report.
Who or what is Lapsus$?
Truth be told, not much is known about the group Lapsus$ right now. Something I hope I can rectify as I am currently investigating the cybercriminal gang with the help of prominent threat intelligence experts. You can catch up on this investigation over the weekend when my story is published.
So far, however, what I can say is that Lapsus$ has hit some big names since it first appeared on the threat radar in 2020. It wasn’t until the following year, however, that the group claimed a breach of Brazil’s Ministry of Health. Although Lapsus$ is believed to follow the now-typical ransomware extortion model of demanding money to prevent the publication of exfiltrated confidential data, it is far from clear whether ransomware, in the widely accepted sense, has been used at all. Instead, it seems, Lapsus$ sits firmly on the data-extortion side of the criminal fence.
We know that Lapsus$ attacked NVIDIA recently, and there was apparently a bizarre, almost amateurish demand that the graphics card goliath remove the limiters that hamper cryptocurrency mining on its cards, rather than a demand for money. None of this has been confirmed by NVIDIA beyond acknowledging that a cybersecurity incident on February 23 “impacted computing resources” and involved the theft of “certain NVIDIA Proprietary Information”. Since then, however, stolen NVIDIA code-signing certificates appear to be in active use to sign malware targeting Windows devices.
Like I said, I’m digging deeper this week and hope to have more information on Lapsus$ by the weekend, including any confirmed geopolitical links (the group is currently believed to operate out of South America), so keep an eye on my Forbes page for an update.
What do security experts have to say about the Samsung breach?
Jake Moore, Global Cybersecurity Advisor at ESET and friend of the Straight Talking Cyber video team, says: “Data breaches like this often come with a price, but these bad actors just released the data directly without a ransom note, leaving targeted victims to scramble to try to lessen the impact where possible.”
Meanwhile, Matt Aldridge, Senior Solutions Consultant at Webroot, says it’s “another lesson for all organizations to keep adequate technical defenses in place to ensure cyber resilience, including threat intelligence technologies, up-to-date software and operating systems, and appropriate employee training. Companies should also have a good backup strategy, data recovery, and restoration plans in place to mitigate the impact of any loss of data.”