According to Bleeping Computer, approximately 190 gigs of Samsung source code have been leaked on the internet. Samsung evidently says this is the case. This comes fresh on the heels of a much more publicized non-event.
“Hah!” you may be thinking, “Android is open source!” and while that’s true, what is not open source are the DRM modules, trust keys to Knox, bootloader source code, biometric scanner code, Qualcomm chipset source, activation server code, accounts source code, and a whole bunch of things that can turn your phone into a one-stop unlock.
Remember how people used to steal phones and be able to get data off of them? Think that era again, but now with a phone that thinks you’re there because biometric data has been faked. Worse if there are any major flaws found in the code.
Among other things compromised are Trusted Applets, TrustedApps, encryption keys, hardware cryptography, Bixby, SmartThings, Samsung Store, several GitHub repos, and probably frog. Everything basically.
Right now there are three compressed files comprising 190 gigs of torrented Samsung proprietary code out there somewhere on the torrents. I looked in the only couple of pirate and torrent search engines I know of and discovered there is a TON of Samsung phone porn. I really did not know this was a thing. Didn’t find the source code but dang there’s a whole subgenre of Android complying with Rule 34 I was unaware of.
Samsung’s confirmation says the intruder had access to the source code used in Galaxy smartphones, but I’d bet dollars to doughnuts that it’s also their tablet line and SmartThings beyond the Galaxy line.
How worried should you be? Somewhat – the main issue here I’d worry about is older devices that are not on your person but sitting in a tech landfill somewhere being powered up, repaired, broken into and your data accessed including biometric info and Samsung accounts.
I don’t think in the next month savvy street gangs are going to grab phones for biometric unlock purposes, but maybe.
Overall, terrible. They’ll probably rush a patch out with new encryption keys for the biometric and user side, and work at locking down the back end, one hopes.
In the meantime, there’s really nothing you can do other than turn off biometrics in your banking apps so that if your phone actually were compromised they’d have to enter a password.
OK, so it took about two minutes to locate the magnet link and a torrent download. Keep in mind that downloading and distributing this is most likely illegal. Link is above if you can find it. [Bleeping Computer]