Samsung Electronics hacked, key code may have been stolen
Published: 07 Mar. 2022, 17:44
Updated: 07 Mar. 2022, 20:09
Samsung Electronics has been hacked by a group claiming to have siphoned off key data from the company.
The stolen information is potentially devastating for Samsung Electronics and its customers and includes bootloader source code, "Knox" security system data and algorithms for unlock operations.
"Now leaking confidential Samsung source code," read a Telegram message on Sunday from Lapsus$, a hacker group that attacked Nvidia in February.
So far, 190 gigabytes of data have been released. It is not clear whether this is the extent of what was stolen or whether the group is holding back and still has more to release. No demands have been made public.
Samsung Electronics confirmed the hack through an internal notice posted on Monday, but said that no staff or customer information was leaked as a result.
The company said it has been working on the problem since the weekend, but would not provide any details beyond that.
"We have determined that neither the company nor its customers will be harmed," the notice said.
"We are coming up with additional measures to protect our staff and customers. We are sorry to worry our employees."
Source code is the text of a program or operating system, kept in files that can be easily read or modified. Having access to it means that a hacker can infiltrate the security system by analyzing weaknesses in the software's design.
The possible breach of Knox data is particularly alarming. Knox is the company's mobile security service developed in 2013 and approved by the U.S. Department of Defense in the same year.
It is used as the security system for Samsung devices — including phones and tablets — and numerous Korean government bodies.
The group also claims that it accessed confidential Qualcomm data, which puts the Korean tech company at risk of facing a lawsuit from Qualcomm.
If the threats turn out to be true, Samsung Electronics will have no choice but to settle with the group, according to Lim Jong-in, Dean of Korea University's Graduate School of Information Security.
"Source codes are the essence of a company's trade secret," Lim said.
"If Lapsus$ decides to shut down the company's businesses or sell the information to rivals, there's nothing that the company can do. The shutdown of chips from Samsung Electronics will be like the world being cut off from Saudi Arabia's oil exports."
The news comes two weeks after Lapsus$ hacked Nvidia, based in Santa Clara, California, on Feb. 23. The attacker stole 1 terabyte of information and revealed part of its trove on Telegram.
The data included employee credentials and some "proprietary information" from the company's system, and a team is working to analyze the information, according to Nvidia.
"Shortly after discovering the incident, we further hardened our network, engaged cybersecurity incident response experts, and notified law enforcement," an Nvidia spokesperson told the Korea JoongAng Daily in an email interview.
"We do not anticipate any disruption to our business or our ability to serve our customers as a result of the incident."
Last May, Colonial Pipeline, which carries gasoline and jet fuel to the Southeastern United States, suffered a ransomware attack by DarkSide, which led to the halting of the pipeline's operation.
The company paid 75 bitcoin, worth around $5 billion, to resume operation. A month later, the U.S. Department of Justice announced that it recovered 63.7 bitcoins from the ransom.
"Hackers are becoming increasingly active because cryptocurrencies like bitcoin or ethereum are untraceable," Lim said. "If what Lapsus$ claims is true, it may be better for them to settle now and catch them later."
Samsung Electronics ended trading Monday down 1.96 percent to 70,100 won ($57.1).
BY YOON SO-YEON [yoon.soyeon@joongang.co.kr]
with the Korea JoongAng Daily