Samsung Allegedly Hacked by Same Group Responsible for NVIDIA Leaks

[Uskompuf]

Samsung has reportedly been hacked by the LAPSUS$ hacker group who were responsible for the recent NVIDIA hack and source code releases. The group has previously stolen approximately 1 TB of data from NVIDIA servers and are currently demanding that NVIDIA release open-source GPU drivers and a bypass for the LHR GPU hash rate limiter. The stolen Samsung data is reportedly 190 GB in size containing the source code for Trusted Applets, bootloader, and account authentication in addition to biometric unlock algorithms and confidential source code from Qualcomm. This breach could have serious security ramifications for both Samsung & Qualcomm is these claims are substantiated.



View at TechPowerUp Main Site | Source

 

[R-T-B]

Oh fun. More qualcomm security issues ho!

 

[Ferrum Master]

Clean out anything you had on Samsung accounts, especially the Samsung pass. There could be exploits targeting it.

Now we will see if Qualcomm did really had some hidden government backdoors.

 

[ShurikN]

Hackers threaten to expose Samsung's yealds

 

[Chomiq]

Hackers threaten to expose Samsung's yealds

Truckloads of cash are already on the way to Korean PM's residence.

On a serious note, so that the post won't get deleted:
Some of these major companies really have to review their security protocols.

 

[R-T-B]

Now we will see if Qualcomm did really had some hidden government backdoors.

I'm doubtful, honestly. I think Intel would've had some if that conspiracy was going to be true, but we'll see.

It's certainly going to be fun watching them try to resecure their bootloader signing keys though...

 

[chrcoluk]

Hackers threaten to expose Samsung's yealds

they 99% and 300% margin.

 

[Dragokar]

It is still bullshit to publish such stuff, it all goes down to the end user which lose his data and account security anyway. Yeah, they target the company, but in the end they hurt only the small people that get trouble with stolen data, breached systems and so on.

 

[zlobby]

Allegedly? There are gigabytes of data available for the taking already.

 

[DeathtoGnomes]

TBH, I cant wait to see what the group will demand from Samsung and Qualcomm.

That would really make popcorn a requirement.

 

[watzupken]

I have to say that Samsung had a very rough start of the year. Just in a span of a few months, we heard about Qualcomm ditching their foundry in favour of TSMC. This is probably something in flight for some time, but we only got some sort of confirmation this year. Then just less than a week ago, they were in the news for throttling/ manipulating performance for their mobile devices, and now this.

 

[Jism]

Some of these major companies really have to review their security protocols.

Most of such hacks are performed by simple social engineering.

Human is the weakest link in this all.

 

[zlobby]

Most of such hacks are performed by simple social engineering.

Human is the weakest link in this all.

Irony is that most in companies where InfoSec training are conducted regularly, most employees just do them as a chore, without actually paying attention to detail.
After that even a simple phishing attack could work. I too doubt that some extremely sophisticated attack vectors are used.

 

[Bones]

TBH, I cant wait to see what the group will demand from Samsung and Qualcomm.

That would really make popcorn a requirement.

No need for me to wonder about it - Crypto.
These guys are hitting various targets and I'd bet it's all about crypto, either as the ability to mine it or blackmail these companies for it.

And TBH, I woudn't doubt it if it happens to be and is proven as something "State Sponsored" the way things are right now.
That's as far as I'm going with that because there is no need to go further, you guys are smart enough to do the math from that point foward.

If I'm wrong, so be it but just going from a "Most Probrable" point of view here.

 

[DeathtoGnomes]

No need for me to wonder about it - Crypto.
These guys are hitting various targets and I'd bet it's all about crypto, either as the ability to mine it or blackmail these companies for it.

And TBH, I woudn't doubt it if it happens to be and is proven as something "State Sponsored" the way things are right now.
That's as far as I'm going with that because there is no need to go further, you guys are smart enough to do the math from that point foward.

If I'm wrong, so be it but just going from a "Most Probrable" point of view here.

did not mean money/crypto, maybe something more ominous.

 

[zlobby]

did not mean money/crypto, maybe something more ominous.

A few pounds of palladuim? Or a pallet of coke? Not the drikable type, that is.

 

[Bones]

did not mean money/crypto, maybe something more ominous.

That would have to be something of a directly state sponsored action(s) to do for that purpose, let's hope not and all it's about is just crypto.
However even if it's just about crypto, you know like I do how it could be used to that end.

 

[R-T-B]

No need for me to wonder about it - Crypto.

crypto is just a means to get money. It's a classic ransom. They certainly don't plan to sit on actual crypto, usually.

 

[Bones]

Yep - Regardless of what form it takes money is only useful if it's actually used, for what purpose in this case we can only guess.

 

[Chrispy_]

Ruh-roh.
Samsung security workarounds could have some pretty horrifying consequences, given the prevalence of Samsung phones globally.

 

[zlobby]

Ruh-roh.
Samsung security workarounds could have some pretty horrifying consequences, given the prevalence of Samsung phones globally.

It's pretty much given that they will. Silver lining here is that Samsung will need to revamp most of their security from scratch. While it will take time, it will ultimately lead to more secure devices and services. Or so I believe.