Samsung Galaxy hack: what we know so far

The breach compromised about 200GB of confidential data but the tech company says its business and customers have not been affected

Samsung Electronics, the world's biggest mobile phone manufacturer, has confirmed that it was hit by a massive data breach in which hackers were able to steal about 200 gigabytes of confidential source code related to its flagship Galaxy smartphone series.

The attack on the South Korean company had already been reported earlier this month, and an anonymous group calling itself Lapsus$ has claimed responsibility.

“Samsung launched an investigation and [has] so far found no evidence of the breach involving the personal information of its customers or employees,” Samsung Gulf Electronics told The National.

What was stolen?

Source code and algorithms for biometric unlocking, encryption and bootloaders, which could be used to bypass a number of operating system controls, have been taken from Samsung. These are critical functions for the company's products.

How dangerous is it for users?

If the breach is severe, Samsung may be forced to overhaul its source code, and the exposure puts the millions of Samsung devices on the market at risk. Samsung accounted for about a fifth of all smartphone shipments in 2021, according to both Gartner and Counterpoint Research.

How big is the damage?

About 200GB worth of data has been stolen from Samsung, although the company insists that it does not see any significant impact on its customers or overall business.

Who is Lapsus$, the group behind the attack?

Lapsus$ recently made headlines after it hacked US chip maker Nvidia and tried to blackmail the company into removing the lite hash rate feature applicable to graphics processing units (GPUs) used in cryptocurrency mining. It also tried to force Nvidia to open-source its GPU drivers for macOS, Windows and Linux devices.

The group was also responsible for attacks on Portuguese media outlets Expresso and SIC Noticias in January.

It is unclear if any demands have been made to Samsung so far but the breach further exposes the growing danger of ransomware attacks, which surged 151 per cent worldwide in the first half of 2021.

What has been done with the stolen data?

Lapsus$ posted a torrent file on its Telegram account on Friday, which it said contained the stolen data. The files included information from both Samsung and one of its suppliers, chip maker Qualcomm, according to cyber-security news website Security Affairs, which also published a screenshot of the files.

What is Samsung's response?

Samsung has not gone into specifics but said it will put in place “measures to prevent further such incidents and will continue to serve our customers without disruption”. So far, there have been no incidents reported by users related to the attack.

What should you do if you suspect your device is compromised?

The Samsung breach was at a corporate level but in the event of a cyber attack on users, the company has issued instructions on its website on how to deal with potential incidents. These include removing unrecognised apps, blocking suspicious pop-ups or advertisements, performing a factory reset and checking devices for unusual battery drainage.

Updated: March 08, 2022, 11:23 AM