Samsung was supposedly leaking sensitive credentials, source code, and secret keys for various internal programs. As per media, Mossab Hussein (independent security researcher) found a number of exposed files in a GitLab employed by engineers at Samsung and hosted on a firm-controlled domain. The projects were supposedly set to “public” and not defended using a password.
The exposed data had source code for projects such as Bixby services and Samsung’s SmartThings platform. They also had credentials that offered authorization to the Amazon Web Service (AWS) account that was being employed, as well as GitLab tokens of various employees that offered additional access.
A spokesperson of Samsung claimed to the media that the firm “swiftly revoked” all certificates and keys for the platform, supposedly used for trialing. But Hussein claimed that he warned Samsung on April 10, 2019, and the firm did not remove the GitLab keys till April 30, 2019. “The actual threat resides in the probability of somebody getting this level of access to the app source code, and injecting it with virus without the firm knowing,” he claimed to the media.
On a related note, a couple of weeks back, Samsung alerted sponsors that its profit for quarter one might drop almost 60% as compared to the same period last year. Now the detailed report has come, verifying that projection with a functional profit of $5.4 Billion that mirrored a 23% decrement in income from its business for memory chip. Samsung also underwent smaller drops in the consumer electronics and mobile departments.
Yet the firm states that the lately rolled Galaxy S10 handset clocked strong sales, as per the media reports and industry insiders. Coupled along with its midrange A handsets, it hopes market requirement to elevate a bit in the coming quarter even as costs drop.