Samsung's Galaxy source code stolen by hackers

A hacking group appears to have stolen some of the source code underpinning Samsung's Galaxy-branded range of devices, and released the software online.

According to reports from multiple publications, a South American hacking group called Lapsus$ claimed responsibility for the Samsung hack. The group reportedly released 190 gigabytes of Samsung data, including bootloader source code for all of Samsung's recent devices, as well as software related to biometric authentication and on-device encryption for Samsung's Galaxy-branded phones and tablets. Engadget reported the hack may have also included data from Qualcomm, a Samsung chipset supplier.

"Currently, we do not anticipate any impact to our business or customers. We have implemented measures to prevent further such incidents and will continue to serve our customers without disruption," Samsung said in a statement.

The Galaxy A21 is among the many phones in Samsung's Galaxy line of devices. (Source: Samsung)
The Galaxy A21 is among the many phones in Samsung's Galaxy line of devices.
(Source: Samsung)

According to data from research and consulting firm Counterpoint, Samsung was the world's second-largest smartphone vendor at the end of 2021.

Hack attacks on the rise

The hack is just the latest indication of the increasingly treacherous cyber landscape that all technology companies must navigate. Last week, chipmaker Nvidia appeared to have been hit by a very similar hack of its own source code, while Microsoft reported fending off what some industry experts say is likely the biggest distributed denial-of-service attack ever.

For telecom network operators specifically, hacks are becoming increasingly common. Just last year T-Mobile US announced that up to 40 million current or prospective customers had their personal information stolen out of the company's computer systems. And, according to a detailed report from CrowdStrike, more than a dozen mobile network operators have been infiltrated by a hacking group called LightBasin since 2019.

Not surprisingly, Russia's invasion of Ukraine has sparked fears of a wider cyber war. Partly in response, tech companies Cloudlflare, Crowdstrike and Ping Identity this week announced their new Critical Infrastructure Defense Project that they said would "rapidly improve cyber readiness" for hospitals, energy and water utility companies in the US.

Related posts:

Mike Dano, Editorial Director, 5G & Mobile Strategies, Light Reading | @mikeddano

Be the first to post a comment regarding this story.
Sign In