The data leak of Samsung’s smartphones has been making headlines lately. A South American hacking group called Lapsus$ uploaded a trove on Friday, which they claim includes information from the smartphone manufacturer according to Bleeping Computer.

The leak of this sensitive data could cause a significant problem for Samsung. The collective has obtained all recent device bootloader sources and code related highly-personal features like biometric authentication, On-Device encryption, etc. They also say it includes confidential information from Qualcomm. This database contains approximately 190GB worth (GB), actively being shared on a torrent. According to The Korean Herald, Samsung is assessing the situation.

According to an article by Bleepingcomputer, here is a list of leaked segments:

• source code for every Trusted Applet (TA) installed in Samsung’s TrustZone environment used for sensitive operations (e.g. hardware cryptography, binary encryption, access control)
• algorithms for all biometric unlock operations
• bootloader source code for all recent Samsung devices
• confidential source code from Qualcomm
• source code for Samsung’s activation servers
• full source code for technology used for authorizing and authenticating Samsung accounts, including APIs and services

Lapsus$ is the same Data extortion entity group that was involved in NVIDIA’s data breach. According to Vx-underground, Lapsus$ says it obtained approximately 1TB of confidential information from the GPU designer, including schematics and driver source code.

References:

• http://www.koreaherald.com/view.php?ud=20220305000115
• https://www.bleepingcomputer.com/news/security/hackers-leak-190gb-of-alleged-samsung-data-source-code/
• https://www.engadget.com/samsung-lapsus-leak-181517961.html