Almost 200 GB of source code from Samsung and Nvidia was leaked by Lapsus$

During the last few weeks we have shared here on the blog some of the news about the hacks of Nvidia and Samsung by the hacker group Lapsus$, which also managed to access information from Ubisoft.

Recently GitGuardian scanned Samsung's leaked source code for confidential information, such as secrets (API keys, certificates), and discovered 6695 of them. This result was obtained with an analysis that used more than 350 individual detectors, each one looking for the specific characteristics of one type of secret, which gives very precise results.

In this search, GitGuardian's researchers excluded results from generic high-entropy detectors and generic password detectors, since these usually include false positives and would therefore inflate the results. With that in mind, the actual number of secrets could be much higher.
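As an added illustration (not GitGuardian's code or its detectors), here is a minimal scanner in the spirit of the approach described above: a few specific detectors for widely documented public token formats, plus an optional generic high-entropy detector that shows why such detectors were left out of the count. The sample source file and every value in it are constructed placeholders.

```python
import math
import re
from collections import Counter

# Specific detectors: each regex encodes one credential format's fixed prefix
# and length, so a hit carries that format's structure and is rarely noise.
SPECIFIC_DETECTORS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "google_api_key": re.compile(r"\bAIza[0-9A-Za-z_-]{35}\b"),
}

# Candidate tokens for the generic detector: long runs of key-like characters.
TOKEN_RE = re.compile(r"[A-Za-z0-9_\-+/=]{20,}")

def shannon_entropy(s: str) -> float:
    """Bits per character of s (hex tops out at 4.0, base64 at 6.0)."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def scan(text: str, include_generic: bool = False, threshold: float = 3.5):
    """Return (detector, match) pairs found in text. include_generic=True adds a
    high-entropy detector: it catches unknown formats but also flags hashes and
    checksums, which is why a count from specific detectors alone is lower."""
    findings = []
    for name, pattern in SPECIFIC_DETECTORS.items():
        findings += [(name, m.group(0)) for m in pattern.finditer(text)]
    if include_generic:
        already = {value for _, value in findings}
        for m in TOKEN_RE.finditer(text):
            tok = m.group(0)
            if tok not in already and shannon_entropy(tok) > threshold:
                findings.append(("generic_high_entropy", tok))
    return findings

def summarize(findings) -> dict:
    """Count of findings per detector, like a scan's summary-of-results table."""
    return dict(Counter(name for name, _ in findings))

# Constructed sample source file; every value is a placeholder, not a real key.
SAMPLE_SOURCE = '''
AWS_ACCESS_KEY_ID = "AKIAEXAMPLEEXAMPLE12"
GITHUB_TOKEN = "ghp_CONSTRUCTEDEXAMPLE0123456789abcdefgh"
# checksum of a build artifact: random-looking, but not a credential
ARTIFACT_SHA256 = "3f9a1c7e0b2d4685a9c1e7f30d5b84626e4f1d0b9a7c32852d8b6a4c1e0f9753"
'''

if __name__ == "__main__":
    print("specific only:", summarize(scan(SAMPLE_SOURCE)))
    print("with generic: ", summarize(scan(SAMPLE_SOURCE, include_generic=True)))
```

Run on the sample, the specific detectors report two findings, while the generic detector adds the artifact checksum as a third: exactly the kind of false positive that excluding it avoids.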

For those who are not familiar with GitGuardian, it is a company founded in 2017 by Jérémy Thomas and Eric Fourrier, which received the 2021 FIC Start-up Award and is a member of the FT120.

The company has established itself as a specialist in secrets detection and focuses its R&D efforts on solutions that follow the shared responsibility model for implementing AppSec while taking the developer experience into account.

Related article:
Hackers threaten Nvidia with leaking sensitive data if they don't commit to open source drivers

As we can see in the summary of results, the first eight categories represent 90% of the findings and, although this is very sensitive information, it can be harder for an attacker to use, since it probably refers to internal systems.

This leaves just over 600 secret authentication keys that give access to a wide range of different services and systems, which an attacker could use to move laterally into other systems.

“Of the more than 6600 keys found in the Samsung source code, about 90% are for internal Samsung services and infrastructure, while the critical remaining 10% could provide access to external services or tools from Samsung, such as AWS, GitHub, artifacts, and Google,” explains Mackenzie Jackson, Developer Advocate at GitGuardian.

Related article:
Leaked code of Samsung products, services and security mechanisms

A recent GitGuardian report showed that in an organization with an average of 400 developers, more than 1000 secrets are found in internal source code repositories (source: State of Secrets Sprawl 2022).

If such secrets are leaked, it could affect Samsung's ability to securely update phones, give adversaries access to sensitive customer information, or give them access to Samsung's internal infrastructure, with the ability to launch further attacks.

Mackenzie Jackson adds:

“These attacks expose a problem that many in the security industry have raised the alarm about: internal source code contains an ever-increasing amount of sensitive data, yet remains a highly unreliable asset. Source code is widely available to developers across the company, backed up on different servers, stored on developers' local machines, and even shared via internal documentation or email services. This makes them a very attractive target for adversaries and so we see a persistence in the frequency of these attacks.”

On the Lapsus$ Telegram channel, we can see how the hacker group gains access to these repositories: by posting what is essentially a call for employees of large organizations to hand over their access.

Unfortunately, we are not done seeing attacks like this: the group is now sharing polls, again via its Telegram channel, asking its audience which source code it should leak next, which indicates that many more leaks of internal source code are likely to come.

Finally, if you are interested in knowing more about it, you can check the details at the following link.
