Samsung confirms data breach affecting source code

Consumer electronics company Samsung has confirmed a significant data breach.

The Lapsus$ ransomware group – the same group that published Nvidia data - leaked 190GB of confidential data belonging to Samsung. According to a statement released by Samsung, source code from its partners was possibly stolen, including confidential data from U.S. chipmaker Qualcomm, which supplies chipsets for Samsung smartphones sold in the United States. Lapsus$ released 190 GB of data publicly, and the breach contained information about Samsung secures its Samsung Galaxy devices, which could impact long-term device security on mobile phones.

When asked to comment, Qualcomm reported it was aware of the cybersecurity incident. In addition, the chipmaker company said it was working with Samsung to understand the scope of the incident and confirm what data belonging to Qualcomm, if any, had been breached. Spokesperson Clare Conley noted, “We have no reason to believe that Qualcomm systems or security were impacted as a result of this reported incident.”

The exposure of such highly confidential, strategic information could be devastating for Samsung. Their security teams will be working to ascertain exactly what data was stolen – and whether there might be further leaks to come, explains Jack Chapman, Egress VP of Threat Intelligence. “It’s concerning for an organization to have any data stolen by cybercriminals – but it will be the leak of confidential source code that’s keeping Samsung’s executives awake at night.”

While the breach does not impact the personal information of Samsung customers or employees, the company said, the breach could compromise the TrustZone environment on Samsung devices, which stores sensitive data, such as biometrics, passwords and other confidential details. The environment is particularly useful because its goal is to create a strong security barrier to attacks by Android malware, says Casey Bisson, Head of Product and Developer Relations at BluBracket.

And, if the leaked data allows malware to access the TrustZone environment, it could make all data stored there vulnerable. If Samsung has lost control of the signing keys, it could be impossible for Samsung to securely update phones to prevent attacks on the TrustZone environment. “Compromised keys would make this a more significant attack than Nvidia, given the number of devices, their connection to consumers, and amount of very sensitive data that phones have,” Bisson says.

Maria Henriquez is a former Associate Editor of Security. She covered topics including cybersecurity and physical security, risk management and more.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.