Hot Topics
Analytics & Intelligence Cloud Security Cyberlaw Cybersecurity Data Security Editorial Calendar Featured Governance, Risk & Compliance Identity & Access Incident Response IoT & ICS Security Malware Mobile Security Most Read This Week Network Security News Popular Post Securing the Cloud Security Awareness Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Lapsus$ Strikes Again—190GB Samsung Data Release by Nvidia Hackers

by Richi Jennings on March 7, 2022

Samsung Electronics has had confidential data stolen and leaked by ransomware scrotes. These are the same thugs that hacked Nvidia recently—calling themselves Lapsus$.

The 190 GB data haul is said to contain source code and private keys. Some of that trove probably compromises Samsung phones’ biometric authentication and the company’s online user account system.

But is there a silver lining? Perhaps it’ll help out-of-support device owners? In today’s SB Blogwatch, we want to block ads on this smart TV.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Kitbashing.

Ransomware Redux

What’s the craic? Ionut Ilascu reports—“Hackers leak 190GB of alleged Samsung data, source code”:

Could cause huge damage
The Lapsus$ data extortion group leaked today a huge collection of confidential data they claim to be from Samsung Electronics. [It] comes less than a week after Lapsus$ released a 20GB document archive from 1TB of data stolen from Nvidia.

If the details … are accurate, Samsung has suffered a major data breach that could cause huge damage to the company. … It is unclear if Lapsus$ contacted Samsung for a ransom, as they claimed in the case of Nvidia.

Any confirmation from Korea? Cho Mu-Hyun adds—“Samsung confirms Galaxy source code breach”:

Spokesperson declined to comment
Samsung on Monday confirmed that the company recently suffered a cyberattack, but said that it doesn’t anticipate any impact on its business or customers. … It asserted that no personal information of customers was compromised.

On whether the company had received a demand for payments or was in negotiation to do so with any hacking group, a company spokesperson declined to comment. … “We have implemented measures to prevent further such incidents and will continue to serve our customers without disruption,” … the company said.

What’s the Nvidia connection? In case you missed it, James Vincent fills in the blanks—“The same group behind a recent Nvidia hack has claimed responsibility”:

Attempted to blackmail the company
News of the breach was first reported earlier this month, with a hacking outfit named Lapsus$ claiming responsibility. The group, which recently hacked Nvidia, shared screenshots purportedly showing roughly 200GB of stolen data.

It’s not clear if Lapsus$ has made any threats to Samsung trying to extort specific concessions. [But] in the case of the recent Nvidia hack, the hacking group Lapsus$ attempted to blackmail the company, threatening to leak data online unless Nvidia removed cryptocurrency mining limiters from certain GPUs and made the drivers for these video cards open source.

Brace for impact. megous eyerolls furiously:

And there goes all the secure boot fluff. Now we will see how secure it really is against attacks when the code is available—and some keys apparently, too.

Sounds like a disaster. But Gytole sees the silver lining:

Awesome people … will take the code and rebuild broken things in our … Phones and could end up being epic. Is this okay? No, but having devices that were abandoned too early, for wayyy too much money spent on them almost makes this acceptable.

Any other neat ideas? Here’s squarefoot’s:

Let’s hope … there is some documentation or source code that would help the development of alternate spyware/ads free firmware for Samsung Smart TVs.

And klipclop trots in to say:

Hopefully some info will be released so phone owners can unlock their bootloaders.

It’s almost as if it’s not a surprise to some people. asteroidp, for example:

Samsung, can you please stop writing software? You simply are not very good at it. From phones to TVs to refrigerators—just stop.

In a similar vein, OneHundredAndTen makes a “meh”:

Anybody care? After all, Samsung is well known for its ****ty software.

Meanwhile, heed the advice of Stanley Kubrick (no, not that one):

I have a much better solution: Sell your Samsmug phone and never buy another one.

And Finally:

“Greebly”

Hat tip: BarryFromThe****Farm

Previously in And Finally

You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. E&OE. 30.

Image sauce: Kārlis Dambrāns (cc:by; leveled and cropped)

Richi Jennings , , , , , , ,

Richi Jennings

Richi Jennings is a foolish independent industry analyst, editor, and content strategist. A former developer and marketer, he’s also written or edited for Computerworld, Microsoft, Cisco, Micro Focus, HashiCorp, Ferris Research, Osterman Research, Orthogonal Thinking, Native Trust, Elgan Media, Petri, Cyren, Agari, Webroot, HP, HPE, NetApp on Forbes and CIO.com. Bizarrely, his ridiculous work has even won awards from the American Society of Business Publication Editors, ABM/Jesse H. Neal, and B2B Magazine.

richi has 605 posts and counting.See all posts by richi