Samsung Electronics hacked, key code may have been stolen

Home > Business > Tech

print dictionary print

Samsung Electronics hacked, key code may have been stolen

Samsung Electronics' logo printed on the company's Seocho office in southern Seoul [NEWS1]

Samsung Electronics' logo printed on the company's Seocho office in southern Seoul [NEWS1]

 
Samsung Electronics has been hacked by a group claiming to have siphoned off key data from the company.
 
The stolen information is potentially devastating for Samsung Electronics and its customers and includes bootloader source codes, "Knox" security system data and algorithms for unlock operations.
 
"Now leaking confidential Samsung source code," read a Telegram message on Sunday from Lapsus$, a hacker group that attacked Nvidia in February.
 
So far, 190 gigabytes of data have been released. It is not clear whether this is the extent of what was stolen or whether the group is holding back and still has more to release. No demands have been made public.
 
The telegram message posted by hacker group Lapsus$ on Saturday [SCREEN CAPTURE]

The telegram message posted by hacker group Lapsus$ on Saturday [SCREEN CAPTURE]

In the case of Nvidia, the group demanded the company open source some of its code and remove certain performance limits from its GPUs.
 
Samsung Electronics confirmed the hack through an internal notice posted on Monday, but that no staff or customer information was leaked as a result.
 
The company said it has been working on the problem since the weekend,  but would not provide any details beyond that.
 
"We have determined that neither the company nor its customers will be harmed," the notice said.
 
"We are coming up with additional measures to protect our staff and customers. We are sorry to worry our employees."
 
Source codes are text files of a program or operating system that can be easily read or modified. Having access to them means that a hacker can infiltrate the security system by analyzing weaknesses in software designs.
 
The possible breach of Knox data is particularly alarming. Knox is the company's mobile security service developed in 2013 and approved by the U.S. Department of Defense in the same year.
 
It is used as the security system for Samsung devices — including phones and tablets — and numerous Korean government bodies.
 
The group also claims that it accessed confidential Qualcomm data, which puts the Korean tech company at risk of facing a lawsuit from Qualcomm.
 
If the threats turn out to be true, Samsung Electronics will have no choice but to settle with the group, according to Lim Jong-in, Dean of Korea University's Graduate School of Information Security.
 
"Source codes are the essence of a company's trade secret," Lim said.
 
"If Lapsus$ decides to shut down the company's businesses or sell the information to rivals, there's nothing that the company can do. The shutdown of chips from Samsung Electronics will be like the world being cut off from Saudi Arabia's oil exports."
 
A pedestrian passes by a poster of Samsung Electronics' Galaxy S22 smartphone in southern Seoul on Feb. 14. The company said on Monday that it is assessing the current situation after being hacked by Lapsus$. [YONHAP]

A pedestrian passes by a poster of Samsung Electronics' Galaxy S22 smartphone in southern Seoul on Feb. 14. The company said on Monday that it is assessing the current situation after being hacked by Lapsus$. [YONHAP]

 
The news comes two weeks after Lapsus$ hacked Santa Clara, California's Nvidia on Feb. 23. The attacker stole 1 terabyte of information and revealed part of its trove on Telegram.
 
The data included employee credentials and some "proprietary information" from the company's system, and a team is working to analyze the information, according to Nvidia.
 
"Shortly after discovering the incident, we further hardened our network, engaged cybersecurity incident response experts, and notified law enforcement," an Nvidia spokesperson told the Korea JoongAng Daily in an email interview.
 
"We do not anticipate any disruption to our business or our ability to serve our customers as a result of the incident."
 
Last May, Colonial Pipeline, which carries gasoline and jet fuel to the Southeastern United States, suffered a ransomware attack by DarkSide, which led to the halting of the pipeline's operation.
 
The company paid 75 bitcoin, worth around $5 billion, to resume operation. A month later, the U.S. Department of Justice announced that it recovered 63.7 bitcoins from the ransom.
 
"Hackers are becoming increasingly active because cryptocurrencies like bitcoin or ethereum are untraceable," Lim said. "If what Lapsus$ claims is true, it may be better for them to settle now and catch them later."
 
Samsung Electronics ended trading Monday down 1.96 percent to 70,100 won ($57.1).

BY YOON SO-YEON [yoon.soyeon@joongang.co.kr]
Log in to Twitter or Facebook account to connect
with the Korea JoongAng Daily
help-image Social comment?
s
lock icon

To write comments, please log in to one of the accounts.

Standards Board Policy (0/250자)