Dozens of internal coding projects being worked on by Samsung engineers were reportedly leaking source code, credentials and keys because of a lack of security.
According to a report in TechCrunch, citing Mossab Hussein, a security researcher at Dubai-based cybersecurity firm SpiderSilk, the internal projects, which include Samsung’s SmartThings platform, were leaking data because the projects were set to public and weren’t protected by a password, a big security lapse. That meant anyone could look at the projects and download the source code, the report said.
According to the report, the researcher said data on one of the internal projects included credentials to access the AWS account being used, with many of the folders containing logs and analytics for SmartThings and Bixby, the firm’s voice-activated digital assistant.
The internal codes have been updated and secured, the report noted. “The real threat lies in the possibility of someone acquiring this level of access to the application source code, and injecting it with malicious code without the company knowing,” Hussein told the news outlet. SmartThings is Samsung’s Internet of Things offering that covers smart homes and home security, connecting different internet-enabled devices together.
Leaks of internal data aren’t the only security risk South Korea-based Samsung has faced in recent weeks. In April, The Verge reported that a Samsung Galaxy S10 user was able to trick the in-display fingerprint sensor by using a 3D printer. The user did so by taking a picture of his fingerprint on a wineglass, uploading it to Photoshop and creating a model with 3D printing software. After 13 minutes, he had a 3D printed version of his fingerprint that he used to get into the phone. The report noted the Galaxy S10’s fingerprint scanner is hard to trick because it uses an ultrasonic sensor, but that didn’t thwart this particular user’s efforts.