The Leaky Cauldron
Security through obscurity, effective as ever. I'm sure this'll never happen to government backdoors.
Samsung has acknowledged its data was stolen after the Lapsus$ extortion gang deposited what appears to nearly 200GB of the mega-corp's stolen internal files online. "We were recently made aware that there was a security breach relating to certain internal company data," said the Korean multinational in a statement this …
Quote: "...it's written by competent security engineers..."
Sorry Ken, it's not the CURRENT security software that's the problem........maybe to 190GB dump is cunning misdirection for other types of misdeed....
(1) The Ken Thompson Hack: https://wiki.c2.com/?TheKenThompsonHack
(2) The SolarWinds Hack: https://www.csoonline.com/article/3601508/solarwinds-supply-chain-attack-explained-why-organizations-were-not-prepared.html
So.....the hack on Samsung precludes the hackers WRITING BACK their own code as part of the hack?
Would Samsung know this has happened? (c.f. SolarWinds)
And suppose Samsung's development infrastructure were to be compromised, how long would it take to find out? (c.f. SolarWinds)
And what about future Samsung customers buying product with third party hacks embedded in the product?
This is why you never save card details.
And preferably, remove manufacturer-mandated crapware of which Samsung is particularly guilty for installing.
Is it really that difficult to have a clean, compact OS with minimal attack surface? Nope. The only reason they don't follow the paradigm they do is monetisation. So deny them the latter.
Yeah, Samsung is better than it used to be, but still lots of unremovable junk. I have a Galaxy A, because it's an excellent phone and because it's not made in China, but I still wish I could have one with 'pure Android' on it. At least I would only have to sell my soul to Google, not Samsung too...