Lapsus$ Hackers Group at it again as nearly 200 gigabytes of data, including the source code for numerous technologies and algorithms used in biometric unlocking operations, have been reported stolen and exposed by hackers.
The stolen data allegedly contains confidential information from Qualcomm, a US chipmaker that supplies chipsets for Samsung handsets sold in the US.
Access to source code might aid threat actors in identifying security vulnerabilities that would otherwise go undetected, possibly exposing vulnerable devices or systems to exploitation or data exfiltration.
The breach was claimed by the Lapsus$ hacker group, the same group that penetrated Nvidia and then leaked thousands of employee credentials online.
Lapsus$ claims to have obtained source code for trusted applets installed in Samsung’s TrustZone environment, which Samsung phones use for sensitive operations, algorithms for all biometric unlock operations, and bootloader source code for all recent Samsung Galaxy devices in a post on its Telegram channel.
What They Are Saying
Samsung Spokesperson confirmed a “security breach” related to some internal company data but said no personal data belonging to customers or employees were accessed by the hackers.
“According to our initial analysis, the breach involves some source code relating to the operation of Galaxy devices, but does not include the personal information of our consumers or employees,” Samsung said. “Currently, we do not anticipate any impact to our business or customers. We have implemented measures to prevent further such incidents and will continue to serve our customers without disruption.”
When enquired, Qualcomm stated that it was aware of a reported incident involving Samsung.
Read Also : How To Use Your Smartphone as a CCTV Camera Without Internet.
“We take these claims very seriously and are working expeditiously with Samsung to understand the scope of the incident, as well as to confirm what Qualcomm data, if any, have been impacted. We have no reason to believe that Qualcomm systems or security were impacted as a result of this reported incident,” said Clare Conley, Qualcomm spokesperson.
Possible Motive Behind The Data Breach
It’s unclear if Lapsus$ wanted a ransom from Samsung before publishing the data as it did with Nvidia’s increasingly strange requests. The group asked that the American chipmaker deactivate its controversial Lite Hash Rate (LHR) feature and open-source its graphics chip drivers for macOS, Windows, and Linux.
Although the deadline passed on Friday, the hacker gang has yet to carry out its threat.
About Samsung
Samsung is a South Korean electronics manufacturer that is one of the world’s biggest. Samsung manufactures a broad range of consumer and industrial electronics, including appliances, digital media devices, semiconductors, memory chips, and integrated systems, among other things. It has become one of the most well-known technological brands.
What to know about Lapsus$
It’s a ransomware group, Lapsus makes money by breaking into business networks and then extorting them for cash. Sometimes they steal data and hold it hostage.
The group’s notoriety is increasing as they continue to hack and steal data from the world’s tech giants. They hacked Nvidia and were able to expose some personal information onto torrent sites. Then came Samsung, which had vital data about the security of its phones stolen.