The source code and security keys associated with a number of Samsung apps and projects have been discovered on an unprotected server. Samsung’s SmartThings home automation platform was among the projects exposed in the compromise.
The exposed server contained a code repository that was misconfigured and publicly available. Alongside the underlying code of several major Samsung apps, the repository held a security token that allowed unfettered access to 135 projects and applications.
“The real threat lies in the possibility of someone acquiring this level of access to the application source code, and injecting it with malicious code without the company knowing,” said Mossab Hussein, the cybersecurity researcher who discovered the server.
Samsung is one of the world’s biggest technology manufacturers, and the ability to compromise its software would represent a cyber threat of monumental proportions. The company’s SmartThings app alone boasts 100 million installs worldwide. Hussein alerted the company to the data compromise on April 10th, and 20 days went by before it revoked access to its security keys.
“[W]hile we have yet to find evidence that any external access occurred, we are currently investigating this further,” a spokesman for the company said.