Security News

Samsung has acknowledged its data was stolen after the Lapsus$ extortion gang deposited what appears to be 190GB of the company's stolen internal files online. Jake Moore, Slovakian infosec firm ESET's global cyber security advisor, said: "Data breaches like this often have a price tag attached but these bad actors have just gone straight to releasing the data without a ransom note, leaving the targeted victims scrambling around trying to reduce the impact where possible."

Samsung Electronics confirmed on Monday that its network was breached and the hackers stole confidential information, including source code present in Galaxy smartphones. As first reported by BleepingComputer, the data extortion group Lapsus$ leaked at the end of last week close to 190GB of archives claiming to have been stolen from Samsung Electronics.

The Lapsus$ data extortion group leaked today a huge collection of confidential data they claim to be from Samsung Electronics, the South Korean giant consumer electronics company. In a note posted earlier today, the extortion gang teased about releasing Samsung data with a snapshot of C/C++ directives in Samsung software.

Researchers have found a major encryption flaw in 100 million Samsung Galaxy phones. We present an IV reuse attack on AES-GCM that allows an attacker to extract hardware-protected key material, and a downgrade attack that makes even the latest Samsung devices vulnerable to the IV reuse attack.

Attention, Samsung Galaxy smartphone owners: There's a good chance your device is one of the 100 million that a Tel Aviv University research paper said suffer from a serious encryption flaw. The researchers didn't stumble upon this error, either: They purposely targeted Samsung devices as an attempt to prove that proprietary, and often undocumented, encryption applications endanger everyone using a smartphone.

A group of academics from Tel Aviv University have disclosed details of now-patched "Severe" design flaws in Android-based Samsung smartphones that could have resulted in the extraction of secret cryptographic keys. The shortcomings are the result of an analysis of the cryptographic design and implementation of Android's hardware-backed Keystore in Samsung's Galaxy S8, S9, S10, S20, and S21 flagship devices, researchers Alon Shakevsky, Eyal Ronen, and Avishai Wool said.

Samsung shipped an estimated 100 million smartphones with botched encryption, including models ranging from the 2017 Galaxy S8 on up to last year's Galaxy S21. Researchers at Tel Aviv University found what they called "Severe" cryptographic design flaws that could have let attackers siphon the devices' hardware-based cryptographic keys: keys that unlock the treasure trove of security-critical data that's found in smartphones. In a paper entitled "Trust Dies in Darkness: Shedding Light on Samsung's TrustZone Keymaster Design" - written by by Alon Shakevsky, Eyal Ronen and Avishai Wool - the academics explain that nowadays, smartphones control data that includes sensitive messages, images and files; cryptographic key management; FIDO2 web authentication; digital rights management data; data for mobile payment services such as Samsung Pay; and enterprise identity management.

Academics at Tel Aviv University in Israel have found that recent Android-based Samsung phones shipped with design flaws that allow the extraction of secret cryptographic keys. These TEEs run their own operating system, TrustZone Operating System, and it's up to vendors to implement the cryptographic functions within TZOS. The Android Keystore, the researchers explain, offers hardware-backed cryptographic key management via the Keymaster Hardware Abstraction Layer.

Microsoft says Samsung devices enrolled in Microsoft Intune using a work profile will experience email and VPN connectivity issues due to missing certificates after upgrading to Android 12. Microsoft Intune is a cloud-based service designed to help admins manage Windows, macOS, iOS/iPadOS, and Android apps and devices in enterprise environments.

Samsung's official Android app store, called the Galaxy Store, has had an infiltration of riskware apps that triggered multiple Play Protect warnings on people's devices. Scammers bet on the popularity of the pirate app, and indeed their cloned apps enjoyed a welcoming reception by the Samsung user community.