Samsung hacked, source code stolen — is your phone at risk?

Samsung Galaxy S22 review
(Image credit: Tom's Guide)

Samsung today (March 7) confirmed that its internal databases had been hacked and source code for Galaxy smartphones and tablets stolen, but insisted that no customer data was affected.

"We were recently made aware that there was a security breach relating to certain internal company data," Samsung said in a statement provided to SamMobile and Bloomberg News. "Immediately after discovering the incident, we strengthened our security system. 

"According to our initial analysis, the breach involves some source codes relating to the operation of Galaxy devices but does not include the personal information of our consumers or employees. Currently, we do not anticipate any impact to our business or customers. We have implemented measures to prevent further such incidents and will continue to serve our customers without disruption."

Late Friday (March 4), the Lapsus$ hacker gang proclaimed that it had stolen 190 GB of data from Samsung, including source code for Samsung's TrustZone and Knox, biometric unlocking, bootloader, activation servers, account verification and even some proprietary Qualcomm code, according to Bleeping Computer.

Lapsus$ put the data online for free as a torrent file, so there's little Samsung can now do to control its spread. Oddly, the Lapsus$ crew don't seem to want any money for the data, and there's no indication that the group demanded a ransom from Samsung. The same hackers broke into Nvidia's servers last month as part of an extortion attempt.

What to do if you own a Samsung phone or tablet

So is your Samsung Galaxy device at risk? Probably not right away. Having proprietary source code out in the wild is bad for a company's bottom line, but it doesn't mean that devices running the code can immediately be hacked. 

After all, anyone can review Linux source code, yet that doesn't create a security risk for the millions of servers that run Linux (or for the hundreds of millions of phones that run Linux as part of Android).

That risk changes if it turns out there are big security flaws in Samsung's source code. Now that hundreds of researchers and hackers are poring over Samsung's code, they might find vulnerabilities that Samsung engineers missed. If criminals find Samsung flaws, they'll try to make money from them by exploiting them or selling the information to other crooks.

So what can you do? If you have a Samsung phone or tablet, update its software today before the bad guys can figure out a way to pervert Samsung updates. Change the password on your Samsung account, and enable two-factor authentication on the account if you haven't already.

In the longer term, install and use one of the best Android antivirus apps, which will spot and block known Android malware. And hold off on installing Samsung software updates after the middle of this week until it's clear that the updates will be safe.

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.