back to article Lapsus$ extortionists dump Samsung data online, chaebol confirms security breach

Samsung has acknowledged its data was stolen after the Lapsus$ extortion gang deposited what appears to nearly 200GB of the mega-corp's stolen internal files online. "We were recently made aware that there was a security breach relating to certain internal company data," said the Korean multinational in a statement this …

  1. Anonymous Coward
    Anonymous Coward

    The Leaky Cauldron

    Security through obscurity, effective as ever. I'm sure this'll never happen to government backdoors.

    1. Toe Knee

      Re: The Leaky Cauldron

      But the government has Top Men working on it…

      https://youtu.be/yoy4_h7Pb3M

      It’s a fine tradition in government service!

  2. Ken Hagan Gold badge

    I don't understand how having the source code to Knox helps you bypass it. I mean, it's written by competent security engineers isn't it? Otherwise how could it have received the government's sign-off?

    1. DS999 Silver badge
      Facepalm

      You think a government sign off is a guarantee there are no security holes?

      (can't tell if you're serious or not, so just in case...)

    2. mrGecko

      You wouldn't be suggesting that the very same governments might have required Samsung to build in backdoors, would you?

    3. Anonymous Coward
      Anonymous Coward

      Software can have vulnerabilities from things besides programming errors, in fact I'd be willing to bet that most CVEs are malicious combinations of features working exactly as intended.

    4. Anonymous Coward
      Anonymous Coward

      Hackers are capable of misdirection too....

      @Ken_Hagan

      Quote: "...it's written by competent security engineers..."

      Sorry Ken, it's not the CURRENT security software that's the problem........maybe to 190GB dump is cunning misdirection for other types of misdeed....

      (1) The Ken Thompson Hack: https://wiki.c2.com/?TheKenThompsonHack

      (2) The SolarWinds Hack: https://www.csoonline.com/article/3601508/solarwinds-supply-chain-attack-explained-why-organizations-were-not-prepared.html

      So.....the hack on Samsung precludes the hackers WRITING BACK their own code as part of the hack?

      Would Samsung know this has happened? (c.f. SolarWinds)

      And suppose Samsung's development infrastructure were to be compromised, how long would it take to find out? (c.f. SolarWinds)

      And what about future Samsung customers buying product with third party hacks embedded in the product?

      1. Clausewitz 4.0
        Devil

        Re: Hackers are capable of misdirection too....

        If this was a supply-chain OP you wouldn't see files leaked.

  3. Death Boffin
    Mushroom

    Bootloader

    Hopefully info on how to unlock the bootloader is out there now so I can get the official Samsung malware off the device.

    1. cyberdemon Silver badge
      Pint

      Re: Bootloader

      Came to say the same thing!

  4. Binraider Silver badge

    This is why you never save card details.

    And preferably, remove manufacturer-mandated crapware of which Samsung is particularly guilty for installing.

    Is it really that difficult to have a clean, compact OS with minimal attack surface? Nope. The only reason they don't follow the paradigm they do is monetisation. So deny them the latter.

    1. Altrux

      Cr4pware

      Yeah, Samsung is better than it used to be, but still lots of unremovable junk. I have a Galaxy A, because it's an excellent phone and because it's not made in China, but I still wish I could have one with 'pure Android' on it. At least I would only have to sell my soul to Google, not Samsung too...

  5. Anonymous Coward
    Anonymous Coward

    Wonder if this is why...

    the normally prompt monthly updates for flagship devices aren't available yet?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like