16 June, 2022
Follow Us

The Samsung Galaxy Hack and How to Protect Against Cyber Thieves

16 June, 2022

How a cyber extortion gang gained access to Samsung’s internal systems and what you can do to protect against hackers.

Samsung, the world’s leading smartphone provider, confirmed in a statement released via Bloomberg on 7th March that 190GB of data, stored on its internal system was stolen in a cybersecurity breach, which made internal company data accessible to the public. The tech giant revealed that “some source code relating to the operation of Galaxy devices” has been compromised. 

That’s worrying news at a time when 90% of Americans say they’re concerned about cybersecurity, and the password to a small pocket-sized device can unlock some of your most private information. Read on to learn more and to find out how you can improve your device and personal information security.

Impact of the hack and the group behind it

Lapsus$, the criminal gang that claimed responsibility for the operation on 4th March 2022 via its Telegram channel, alleges it gained access to confidential information, including source codes for the company’s software stored on Samsung’s internal systems. The post revealed nearly 200GB of stolen data affecting Galaxy products stored on Samsung Electronics’ internal system. 

The news reignites previously raised concerns that hackers could successfully bypass Samsung’s biometric unlocking algorithms. Worryingly, all biometric unlocking algorithms have been released. However, that doesn’t mean that copies of users’ fingerprints have been stolen, but that the process by which Galaxy software uses biometric sensors to authorize smartphone access has been leaked. 

The good news, if you’re reading this on a Samsung device, is that the South Korean tech giant insists that the hackers didn’t obtain any personal customer or employee data. 

How did Lapsus$ gain access to Samsung’s internal systems? 

It’s not known exactly how the group gained access to their systems, and Samsung hasn’t speculated on this, but Microsoft has revealed it’s also come under attack, releasing a statement on 22nd March. 

It suggested that the gang employed phishing tactics to launch a social engineering attack, using techniques like impersonation to lure individuals into revealing sensitive information. That information then provided access to personal accounts and, as Microsoft has claimed, employee email accounts at target companies. 

Why the hackers targeted these companies specifically is also unknown, but global brands like Samsung and Microsoft are often subject to hacks because they store vast quantities of private information, meaning millions of users could be affected. In each case, the primary motivators are money and notoriety. Cyber detectives are yet to name the criminals involved but say they suspect several individuals are behind the attack. 

It’s unknown whether the cyber-extortion group holds more information that it’s yet to release. 

What is Samsung doing to solve the problem?

As the information’s already been leaked publicly, there’s little that Samsung can do to retrieve the information or prevent it from being shared further. However, it claims to have strengthened its cyber resilience and measures are in place to prevent further breaches.

Phishing is responsible for around 90% of data breaches. In this case, phishing tactics have been employed on a large scale. However, the same techniques are commonly used on smaller scales against individuals to gain access to electronic devices and bank accounts. 

What steps can I take to protect against hackers?

Phishing hackers use deception, sending emails and text messages that appear to contain legitimate links from recognized senders. When the recipient opens the attachment, it triggers malicious code that allows the hacker access to their private information. You’ve likely received one of these before because 1 in every 99 emails are phishing scams. So, rather than relying on logos and watermarks that can be easily replicated by hackers, always check the email address of the sender. The takeaway: always remain vigilant and err on the side of caution when asked to reveal sensitive information. 

While Samsung has assured users that none of their personal information has been stolen, it’s another reminder of the importance of cybersecurity protocols. So, you may not be directly impacted in this instance, but Microsoft has outlined some handy risk reduction measures that apply to all mobile users. 

Microsoft advises mobile users to:

  • Use secure passwords that aren’t easily guessed
  • Securely store your personal information in an encrypted password management system.
  • Require multi-factor (2FA) authentication on all your devices, even when the login attempt is coming from a trusted source or location. 

Protecting device owners from loss and theft

At LOX, we know the value of personal data security and that’s why we’re building a solution to the global problem of smartphone and wireless device crime and theft. Using NFTs and a proof-of-ownership model, we’re putting the power of device ownership in the hands of owners. Our network helps individuals, law enforcement, and insurance companies track down and blacklist lost and stolen devices. Visit our website to find out more and join our community for the latest news, updates, and to join in the discussion on blockchain-powered mobile device security.

Telegram

Twitter

Discord

Annabel
Content Manager

© LOX Technology Limited
Company No.13083900  .