South Korean device manufacturer Samsung has confirmed that hackers stole internal company data and source code for Galaxy devices, according to a news report. Lapsus$, the group behind a recent hack of U.S. technology company Nvidia, claimed it was behind the Samsung breach. Lapsus$ shared screenshots purportedly showing 200 GB of stolen data, including source code used by Samsung for encryption and biometric unlocking functions on Galaxy hardware.
In a statement issued on 7 March, Samsung did not either confirm or deny the identity of the hackers, nor whether or not they had stolen data related to encryption and biometrics. The company did say that hackers failed to reach any personal data belonging to employees or customers.
While it is a relief to know that Lapsu$, or whoever was behind the Samsung hack, did not take any personal data, the fact that a hack occurred at all is deeply concerning, especially considering that the hackers supposedly obtained the source code for a series of high-end mobile devices with worldwide popularity. Armed with those codes, a hacking organization could get access to the phones of millions of mobile subscribers and violate their privacy as well as potentially stealing money.
The target this time was Samsung, but if this hack was indeed successful, all mobile operators that offer Galaxy devices could be targets. Samsung took a hit in terms of consumer confidence, but it is possible for it to change the codes or otherwise update devices to neutralize the threat. Mobile operators, however, are dependent on device manufacturers and do not have control over the hardware.
From an operator point of view, the best policy in the age of hacking is to offer their own enhanced security solutions in order to neutralize, to the extent possible, any possible problems that emanate from the hardware. Certainly, from a branding and consumer-confidence standpoint, providing bespoke security would put the operator into a position of inspiring confidence in an uncertain time.