Nvidia hackers leak 190GB of data, including software updates and sensitive information
It wouldn't be the first time Nvidia fell under the tyranny of cybercriminals.
The hacking group LAPSUS$ was behind the incident. They breached the tech giant's servers and stayed there for quite some time. A hack of this scale requires patient observation of ongoing activity to identify important files on Nvidia's servers.
The same hacking group was behind a Samsung breach, where they managed to escape with a 200GB trove of exposed files. It included source code for Samsung's activation servers, biometric unlock algorithms, and bootloaders for recently released Samsung devices.
Nvidia is primarily a graphics processing company with groundbreaking technologies. AI, ML, 3D rendering, software updates and patches are stored on Nvidia's servers. The hackers managed to expose these and take away data that could hurt the company's reputation or be easy to monetize.
The Lapsus$ group is widely known for its database leaks and cybercrimes. A recent incident with Samsung brought the group massive attention. Their current breach of Nvidia again raises questions about the security of big tech.
After the incident, the Lapsus$ hacking group claimed responsibility in a post on its Telegram channel. The group told its members to "enjoy" the files, which are downloadable over torrent. The account data includes complete source code, authentication, identity, API, services, and more. According to a Telegram post, a Trusted Applet (TA) is installed in the TrustZone (TEE) of Samsung devices. The post also mentions the TEE OS (QSEE). The files also include DRM modules and Keymaster/Gatekeeper!
We do not have a precise timeline of the massive hack that took place, but the news first surfaced on 4th March after the cybercriminal group Lapsus$ posted on its online forums and Telegram channels. According to Bleeping Computer, the source code extracted from the secure server amounts to 190GB of data. Source code for the trusted applets in the Samsung smartphone TrustZone environment was also leaked.
Here's a list of confidential information that was recently exposed:
Source code for every Trusted Applet (TA) installed in Samsung's TrustZone environment
Bootloader source code
Qualcomm source code
Account authorisation and authentication
API and services data
According to many other stats collected, the data breach is the single biggest one in the history of Nvidia. Being one of the biggest tech companies globally has its downsides and perks. Everyone looks up to you as the centre of attention, and that position demands constant monitoring. The South American hacker group stole over 1TB of information and asked for ransom. According to their Telegram channel, Nvidia's internal systems were "completely compromised."
The Vx-Underground Twitter account said, "LAPSUS$ extortion group has successfully breached both NVIDIA & Samsung." On 1st March, the hacker group asked for a ransom in exchange for leaking Nvidia's open-source drivers. On 4th March, the group released Samsung's proprietary source code.
The torrent shared by LAPSUS$ has over 400 peers; the files include a text file describing the content available for download. It lists dumps of source code and related data on:
Security/Defense/Knox/Bootloader/TrustedApps and other items.
Dump of source code about device security and encryption
Repositories from Samsung GitHub including mobile defence engineering, account backend, pass backend/frontend, and SES (Bixby, SmartThings, store)
We do not have any information regarding the extortion plot associated with the Samsung incident, but the files were released simultaneously. According to a Bloomberg report, Samsung said "there was a security breach relating to certain internal company data," and added, "we do not anticipate any impact to our business or customers."
On Nvidia's side, the successful breach took sensitive data from the tech giant. Its security measures need an update. The leaked files may include crypto mining limiters, GPU data and driver information.