Samsung today (March 7) confirmed that its internal databases had been hacked and source code for Galaxy smartphones and tablets stolen, but insisted that no customer data was affected.
"We were recently made aware that there was a security breach relating to certain internal company data," Samsung said in a statement provided to SamMobile and Bloomberg News. "Immediately after discovering the incident, we strengthened our security system.
"According to our initial analysis, the breach involves some source codes relating to the operation of Galaxy devices but does not include the personal information of our consumers or employees. Currently, we do not anticipate any impact to our business or customers. We have implemented measures to prevent further such incidents and will continue to serve our customers without disruption."
Late Friday (March 4), the Lapsus$ hacker gang proclaimed that it had stolen 190 GB of data from Samsung, including source code for Samsung's TrustZone and Knox, biometric unlocking, bootloader, activation servers, account verification and even some proprietary Qualcomm code, according to Bleeping Computer.
LAPSUS$ extortion group have successfully breached both NVIDIA & Samsung.-March 1st: They demand NVIDIA open-source its drivers, or else they will-March 4th: LAPSUS$ released Samsung proprietary source code.See attached images for more details directly from LAPSUS$ 4, 2022 See more
Lapsus$ put the data online for free as a torrent file, so there's little Samsung can now do to control its spread. Oddly, the Lapsus$ crew don't seem to want any money for the data, and there's no indication that the group demanded a ransom from Samsung. The same hackers broke into Nvidia's servers last month as part of an extortion attempt.
What to do if you own a Samsung phone or tablet
So is your Samsung Galaxy device at risk? Probably not right away. Having proprietary source code out in the wild is bad for a company's bottom line, but it doesn't mean that devices running the code can immediately be hacked.
After all, anyone can review Linux source code, yet that doesn't create a security risk for the millions of servers that run Linux (or for the hundreds of millions of phones that run Linux as part of Android).
That risk changes if it turns out there are big security flaws in Samsung's source code. Now that hundreds of researchers and hackers are poring over Samsung's code, they might find vulnerabilities that Samsung engineers missed. If criminals find Samsung flaws, they'll try to make money from them by exploiting them or selling the information to other crooks.
So what can you do? If you have a Samsung phone or tablet, update its software today before the bad guys can figure out a way to pervert Samsung updates. Change the password on your Samsung account, and enable two-factor authentication on the account if you haven't already.
In the longer term, install and use one of the best Android antivirus apps, which will spot and block known Android malware. And hold off on installing Samsung software updates after the middle of this week until it's clear that the updates will be safe.