
Lapsus$ 2: Samsung Boogaloo, encryption keys and Knox source code apparently stolen and leaked

Master Disaster

According to Android Police the group behind the recent Nvidia hack have struck again and it's another massive hit, this time to Samsung. Just like with Nvidia it's another massive haul: encryption keys, source code to Knox, biometric unlocking algorithms and source code to Samsung account authorisation.

 

Quote

The hacking group Lapsus$ recently targeted Nvidia, demanding the chipmaker eliminate a feature in some GPUs that limits hash rates while mining Ethereum cryptocurrency. The hackers made it clear they had the goods by first leaking internal Nvidia email handles and cryptographically hashed passwords, then setting a deadline of March 4. Lapsus$ isn't stopping there — now Samsung is under the gun, and valuable source code is once again at stake.

 

The new leak is detailed in a report from Bleeping Computer, which calls Lapsus$ an "extortion gang" and says the group initially posted a screenshot of code for Samsung software, then detailed what has been exfiltrated from the South Korean electronics giant's servers. The stolen info appears to include vital information, including algorithms for all biometric unlocking operations, the source code for the bootloader for newer Samsung products, and all the source code behind the process of authorizing and authenticating Samsung accounts.

Unlike with Nvidia, this time the group have dumped a 190GB torrent for anyone to go grab.

Quote

It is a bad breach if all the claims are true. The data is allegedly available to torrent, with Lapsus$ packing it into compressed files that total nearly 190GB. According to Bleeping Computer, the hack isn't a kidnapping as with Nvidia, because as of Saturday there wasn't any evidence of a ransom demand. The cat is out of the bag, too, as over 400 peers are reportedly sharing the information and the hackers indicated plans to boost download speeds with additional servers.

Source - https://www.androidpolice.com/hackers-leak-190-gb-of-samsung-data-including-source-code/

 

This is getting silly now. Either these guys are literally the best hackers on the planet or these large corporations seem to be using piss poor security.

Main Rig:-

Ryzen 7 3800X | Asus ROG Strix X570-F Gaming | 16GB Team Group Dark Pro 3600Mhz | Corsair MP600 1TB PCIe Gen 4 | Sapphire 5700 XT Pulse | Corsair H115i Platinum | WD Black 1TB | WD Green 4TB | EVGA SuperNOVA G3 650W | Asus TUF GT501 | Samsung C27HG70 1440p 144hz HDR FreeSync 2 | Ubuntu 20.04.2 LTS |

 

Server:-

Intel NUC running Server 2019 + Synology DSM218+ with 2 x 4TB Toshiba NAS Ready HDDs (RAID0)


Can't say I'm really bothered by them big companies' secrets being revealed.
What I don't like is that it will just fall on the customer if anything bad happens.

So for now, I say, hack the shit out of those awful companies.

Change this up, hold them accountable etc.

Just hope Apple and Sony are next. 😄

When I ask for more specs, don't expect me to know the answer!
I'm just helping YOU to help YOURSELF!
(The more info you give the easier it is for others to help you out!)

Not willing to capitulate to the ignorance of the masses!


8 minutes ago, Master Disaster said:

This is getting silly now. Either these guys are literally the best hackers on the planet or these large corporations seem to be using piss poor security.

WEEEELLLLllllllll I mean you're not wrong


37 minutes ago, Master Disaster said:

Either these guys are literally the best hackers on the planet or these large corporations seem to be using piss poor security.

I'd better change the combination on my luggage...

I sold my soul for ProSupport.


1 hour ago, Master Disaster said:

This is getting silly now. Either these guys are literally the best hackers on the planet or these large corporations seem to be using piss poor security.

Sooooooo without saying too muchhhhhhhh after having worked at a big boi. Getting the wifi password from a rando laptop would basically give you everything.


1 hour ago, Master Disaster said:

This is getting silly now. Either these guys are literally the best hackers on the planet or these large corporations seem to be using piss poor security.

They're still yet to figure out how to seed torrents properly and use make so I'd hold your horses with this statement.

Our Grace. The Feathered One. He shows us the way. His bob is majestic and shows us the path. Follow unto his guidance and His example. He knows the one true path. Our Saviour. Our Grace. Our Father Birb has taught us with His humble heart and gentle wing the way of the bob. Let us show Him our reverence and follow in His example. The True Path of the Feathered One. ~ Dimboble-dubabob III


It's a grey hat group. What are they going after?

What is the motive this time?

A PC Enthusiast since 2011
AMD Ryzen 7 5700X@4.65GHz | GIGABYTE GTX 1660 GAMING OC @ Core 2085MHz Memory 5000MHz
Cinebench R23: 15669cb | Unigine Superposition 1080p Extreme: 3566

14 minutes ago, DildorTheDecent said:

They're still yet to figure out how to seed torrents properly and use make so I'd hold your horses with this statement.

Says a lot about the security of these companies... 😄


So does this mean all Samsung accounts are compromised no matter how well you secure them, i.e. 2FA?


10 minutes ago, jagdtigger said:

Says a lot about the security of these companies... 😄

Short term profit is far more important than long term investments in security for a lot of them sadly.


9 minutes ago, SlidewaysZ said:

So does this mean all Samsung accounts are compromised no matter how well you secure them, i.e. 2FA?

If what they claim is correct, yes... and they haven't lied about the Nvidia leaks so far. Found this in a Reddit post that outlines most of it:

 

Quote

0fbHohD.png

5800X3D / ASUS X570 Dark Hero / 32GB 3600mhz / EVGA RTX 3090ti FTW3 Ultra / Dell S3422DWG / Logitech G815 / Logitech G502 / Sennheiser HD 599

2021 Razer Blade 14 3070 / S23 Ultra


Good good good.
Hope the rooting comes back for Sammy's tho. (Yes I'm still a Samsung user 😄)

It's absolutely fucking awful I can't even record my own damn phone conversations.
Who are they to decide! 😠


Why are you people excited about this? Y'all need help. This is a serious exploit that's going to affect millions. Imagine if this happens to Apple, Google, or Amazon. Will you be happy when everyone's accounts are exploited and bank accounts drained?


Just now, SlidewaysZ said:

Why are you people excited about this? Y'all need help. This is a serious exploit that's going to affect millions. Imagine if this happens to Apple, Google, or Amazon. Will you be happy when everyone's accounts are exploited and bank accounts drained?

If it was Apple this thread would have been posted at the time of the leak and have 50 pages by now, even after being locked and cleaned 3 times by mods.


8 minutes ago, SlidewaysZ said:

Why are you people excited about this?

Because these incidents show the true face of a company. Many manufacturers lock their phones down under the false pretense of security, well they just got busted.


8 minutes ago, jagdtigger said:

Because these incidents show the true face of a company. Many manufacturers lock their phones down under the false pretense of security, well they just got busted.

What, you're insane. False pretenses my butt, you lock something down to secure it. Please tell me why a phone company shouldn't try and secure their devices? Also the bootloader has nothing to do with the reckless release of biometric security code and account authentication systems. These people are criminals period!


46 minutes ago, SlidewaysZ said:

Why are you people excited about this? Y'all need help. This is a serious exploit that's going to affect millions. Imagine if this happens to Apple, Google, or Amazon. Will you be happy when everyone's accounts are exploited and bank accounts drained?

It's OK to not understand our excitement, but that excitement is definitely not about user data, as I'm one of those users.
It's the other stuff, they sneaked in over the years. I'm a huge proponent of letting the end-user have the say.
Why I always rooted my phones and put custom firmware on it. Because in my experience a single 'customer' can do what those great companies CANNOT.
Make a worthwhile operating system. etc.

 

20 minutes ago, SlidewaysZ said:

What, you're insane. False pretenses my butt, you lock something down to secure it. Please tell me why a phone company shouldn't try and secure their devices? Also the bootloader has nothing to do with the reckless release of biometric security code and account authentication systems. These people are criminals period!

You don't have to resort to name-calling if people do not agree with you.
Better come with proper arguments. Better luck next time.


36 minutes ago, SlidewaysZ said:

False pretenses my butt

Yup, especially when it comes to BS practices like serializing parts and whatnot..... Oh and did I mention that their idea about security and the record short support phones get is a dead giveaway? 🤣

 

You clearly lack a lot of knowledge on this subject. Having your source code exposed won't matter much as long as your dev team wrote an actually secure code. If they weren't then that's on the company/dev team not the hackers exposing their bad practices.


I'm guessing piss poor security because the best hackers on the planet won't waste their time and effort hacking such silly companies like Scamsung.

DAC/AMPs:

Klipsch Heritage Headphone Amplifier

Headphones: Klipsch Heritage HP-3 Walnut, Meze 109 Pro, Beyerdynamic Amiron Home, Amiron Wireless Copper, Tygr 300R, DT880 600ohm Manufaktur, T90, Fidelio X2HR

CPU: Intel 4770, GPU: Asus RTX3080 TUF Gaming OC, Mobo: MSI Z87-G45, RAM: DDR3 16GB G.Skill, PC Case: Fractal Design R4 Black non-iglass, Monitor: BenQ GW2280


2 hours ago, SlidewaysZ said:

Why are you people excited about this? Y'all need help. This is a serious exploit that's going to affect millions. Imagine if this happens to Apple, Google, or Amazon. Will you be happy when everyone's accounts are exploited and bank accounts drained?

It really won't, at least not in the way you are talking about. It's not like the data contains any actual passwords (or any PII at all).

 

These are low level encryption keys used by the phone on the back end. Nobody is in any danger of getting their details leaked, it just means hackers can look for ways to access Samsung devices without the need for anybody's info at all.

 

The way these guys are carrying on they will be caught soon, I imagine right now the FBI, Interpol and multiple other security agencies around the globe are all information pooling. They caught the LulzSec guys and they were simply trolling, these guys are dumping trade secrets onto the clearweb.

 

Edit - Well at least for now there's no indication anyone's PII is in danger. Nothing to say they won't do another dump in a few days.

 

 


So did this group actually manage to get a hold of Samsung's IP?


I like it when these groups find flaws in companies' (and their devices') security so they can be patched. However leaking lots and lots of actual user data and making the user vulnerable kinda sucks.

 

Remember: With great power comes great responsibility. 

Gaming HTPC:

R5 5600X - Cryorig C7 - Asus ROG B350-i - EVGA RTX2060KO - 16gb G.Skill Ripjaws V 3333mhz - Corsair SF450 - 500gb 960 EVO - LianLi TU100B


Desktop PC:
R9 3900X - Peerless Assassin 120 SE - Asus Prime X570 Pro - Powercolor 7900XT - 32gb LPX 3200mhz - Corsair SF750 Platinum - 1TB WD SN850X - CoolerMaster NR200 White - Gigabyte M27Q-SA - Corsair K70 Rapidfire - Logitech MX518 Legendary - HyperXCloud Alpha wireless


Boss-NAS [Build Log]:
R5 2400G - Noctua NH-D14 - Asus Prime X370-Pro - 16gb G.Skill Aegis 3000mhz - Seasonic Focus Platinum 550W - Fractal Design R5 - 
250gb 970 Evo (OS) - 2x500gb 860 Evo (Raid0) - 6x4TB WD Red (RaidZ2)

Synology-NAS:
DS920+
2x4TB Ironwolf - 1x18TB Seagate Exos X20

 

Audio Gear:

Hifiman HE-400i - Kennerton Magister - Beyerdynamic DT880 250Ohm - AKG K7XX - Fostex TH-X00 - O2 Amp/DAC Combo - 
Klipsch RP280F - Klipsch RP160M - Klipsch RP440C - Yamaha RX-V479

 

Reviews and Stuff:

GTX 780 DCU2 // 8600GTS // Hifiman HE-400i // Kennerton Magister
Folding all the Proteins! // Boincerino

Useful Links:
Do you need an AMP/DAC? // Recommended Audio Gear // PSU Tier List 


4 hours ago, whm1974 said:

So did this group actually manage to get a hold of Samsung's IP?

I'd be willing to bet, what was actually hacked was a cloud-storage system. Because these big companies have been moving to cloud storage (so employees can work at home/remotely) instead of having file servers in their offices.

 

Like that's pretty much how the Nintendo gigaleak happened. It wasn't "Nintendo" it was a third party connected to Nintendo that for some reason had all this stuff. 

 

So it would surprise me if Nvidia or Samsung has any new stuff leaked. It's far more likely that if anyone actually thought there would be value in having the leaked data, it would only be useful for someone trying to turn their consumer products into zombie bitcoin miners or something, or finding the root keys for the device to replace the OS entirely.

 

 
