SmartThings Community

Hacker is wiping git repositories and demanding a ransom

security
(Big Hoss) #1

Well this isn’t good…

Not entirely related (only because they were using git, just doing so in a fast and loose manner), looks like Samsung unintentionally released the source code for the mobile app…

(Jimmy) #2

AFAIK, those are two separate events and unrelated.

1 Like
(Big Hoss) #3

Currently reading the articles, and so far in my reading the disclosure is due to the GitLab / GitHub breach, made worse by Samsung’s internal processes. That might not be the case, but it is looking like it is…

#4

These two events have nothing to do with each other.

The Samsung event, which has already been discussed in the forum, was discovered by a white hat hacker and had to do with a development GitHub repository which had remained public. It wasn’t even secured. There was no ransom involved: the white hat hacker reported it appropriately first to Samsung and then 30 days later to the press as is current best practice.

Also note that the Samsung code was only for the mobile apps. Not the cloud platform or the hub.

The ransom issue is completely separate, just happened this week, and involves a black hat hacker having grabbed credentials for a bunch of SECURED GitHub repositories and threatening to make that code public if a ransom is not paid.

Nothing to do with Samsung or its practices. It’s almost the opposite, since Samsung didn’t bother to secure their GitHub in the first place.

Please correct your first post. Samsung was not a victim of the ransom attack.

2 Likes
(Big Hoss) #5

Like I said, was busy reading the articles. Yep, planning on editing my first post…

1 Like