A hacker group leaked Samsung and Nvidia’s source code online, according to reports.
Many vulnerabilities have previously been found in Samsung products. Now secret keys have been found in its leaked source code.
The same hacker group has breached many companies, including NVIDIA, Vodafone and Ubisoft.
The security analysis was performed by GitGuardian, a company that specializes in detecting and scanning secrets in Git repositories.
The GitGuardian team has discovered 6,600 secret keys, including private keys, usernames and passwords, AWS keys, Google keys, and GitHub keys, in the leaked Samsung source code.
GitGuardian scanned the leaked Samsung source code for sensitive information such as secrets and found that in the Samsung source code there were 6,695 secrets. This was during a scan that used over 350 individual detectors each looking for the specific characteristics of that specific type of secret which gives us reliably high accuracy results.
In this case, we excluded results from generic high entropy detectors and generic password detectors as these can typically include false positives and therefore give inflated results. With that in mind, the true number of secrets could be much higher.
“Of the more than 6,600 keys found in Samsung source code roughly 90% are for Samsung’s internal services and infrastructure, whilst the other 10%, critically, could grant access to Samsung’s external services or tools such as AWS, GitHub, Artifactory and Google,” said Mackenzie Jackson, Developer Advocate at GitGuardian.
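The difference between format-specific detectors and a generic high-entropy detector, as described in the scan notes above, is shown in this added Python example (not GitGuardian's code). The three patterns, the 3.5-bit threshold and the sample lines are simplified assumptions constructed for illustration.

```python
import math
import re
from collections import Counter

# Simplified format-specific detectors (assumed patterns, not GitGuardian's own).
SPECIFIC = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[0-9A-Za-z]{36}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}
# Candidate strings for the generic detector: long runs of key-like characters.
TOKEN = re.compile(r"[0-9A-Za-z+/=_-]{20,}")

def shannon_entropy(s):
    """Bits per character of the string's empirical character distribution."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def specific_hits(line):
    """Names of the format-specific detectors that match the line."""
    return sorted(name for name, rx in SPECIFIC.items() if rx.search(line))

def generic_hits(line, threshold=3.5):
    """Long tokens whose entropy meets the (assumed) threshold."""
    return [t for t in TOKEN.findall(line) if shannon_entropy(t) >= threshold]

# Constructed sample lines; none of these values is a real credential.
SAMPLE = [
    'aws_key = "AKIAIOSFODNN7EXAMPLE"',
    'token = "ghp_' + "a1B2c3D4e5F6g7H8i9J0k1L2m3N4o5P6q7R8" + '"',
    'pinned_commit = "9fceb02d0ae598e95dc970b74767f19372d61af8"',
    'asset = "sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU="',
    'greeting = "hello world"',
]

def scan(lines):
    """(line number, specific detector names, generic detector fired?) per line."""
    return [(i, specific_hits(l), bool(generic_hits(l))) for i, l in enumerate(lines, 1)]

def generic_only(lines):
    """Lines only the generic detector flags: the likely false positives."""
    return [i for i, spec, gen in scan(lines) if gen and not spec]

if __name__ == "__main__":
    for row in scan(SAMPLE):
        print(row)
    print("flagged only by the entropy detector:", generic_only(SAMPLE))
```

The commit hash and the integrity hash are high-entropy strings but not credentials, which is why counting generic hits inflates a total and why excluding them makes the reported figure a lower bound.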
“According to our initial analysis, the breach involves some source code relating to the operation of Galaxy devices, but does not include the personal information of our consumers or employees,” Samsung said. “Currently, we do not anticipate any impact to our business or customers. We have implemented measures to prevent further such incidents and will continue to serve our customers without disruption.”
Multiple Vulnerabilities Found in Pre-installed Apps
Previously, Samsung’s pre-installed Android apps were found to contain multiple critical security flaws, with the potential to give attackers access to users’ data without their consent and allow them to take control of the devices.
“The impact of these bugs could have allowed an attacker to access and edit the victim’s contacts, calls, SMS/MMS, install arbitrary apps with device administrator rights, or read and write arbitrary files on behalf of a system user which could change the device’s settings,” Sergey Toshin, founder of mobile security startup Oversecured, said in an analysis Thursday.
Samsung users are advised to update their devices immediately.