Tech Brew Ride Home - Mon. 03/07 – Samsung Source Code Leaked?

Episode Date: March 7, 2022

The evolving hack story involving Nvidia has now hit Samsung as the same hackers apparently have some of their source code. Are the iMac updates I’m really hungry for getting pushed all the way back... to next year? The real reason why brands are leaving Russia. And consumer beware: scams seem to be rampant on Zelle, and your bank might not be willing to help you. Sponsors: Grammarly.com/techmeme IPVanish.com/techmeme and promocode techmeme for 70% savings Links: Cybercriminals who breached Nvidia issue one of the most unusual demands ever (ArsTechnica) Malware now using NVIDIA's stolen code signing certificates (Bleeping Computer) Hackers leak 190GB of alleged Samsung data, source code (Bleeping Computer) Kuo: 27-inch Apple external display coming this year, new iMac Pro and Mac Pro in 2023 (9to5Mac) TikTok Suspends Livestreaming in Russia on ‘Fake News’ Law (Bloomberg) How are the Big Sanctions hurting Russia so far? (NoahPinion Substack) Fraud Is Flourishing on Zelle. The Banks Say It’s Not Their Problem. (NYTimes) Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript
Discussion (0)
Starting point is 00:00:00 On April 4th, 2023, around 2 in the morning, a man was found stabbed multiple times on a sidewalk in downtown San Francisco. Hey, who did this to you? What happened next turned the story into a political firestorm. Reports have identified the victim as Bob Lee, the founder of Cash App. From Bloomberg Podcasts, this is Foundering, the Killing of Bob Lee, beginning April 16. Welcome to the Tech meme right home for Monday, March 7th, 2022. I'm Brian McCullough today. The evolving hack story involving Nvidia has now hit Samsung, as the same hackers apparently have some of their source code. Are the IMac updates I'm really hungry for getting pushback all the way to next year? The real reason why brands are leaving Russia and consumer beware. Scams seem to be rampant on Zell and your bank might not be willing to help you. Here's what you miss today in the world of tech. There's a big hacking story going on that I don't think we've covered. Invidia has been hacked in a major way. First, there were reports of outages in
Starting point is 00:01:15 Invidia systems in late February, and according to Have I Been Poned, hackers stole more than 71,000 Nvidia staff credentials, including email IDs and Windows password hashes, many of which were cracked and circulated. Now, apparently, the hackers have claimed responsibility for the hack and outed themselves. a group called Lapsis says that if NVIDIA doesn't remove crypto mining limits on its graphics cards and open source its GPU drivers, the group will release the source code that it is also stolen. Quoting Ars Technica, a ransomware group calling itself Lapsis first claimed last week that it had hacked into NVIDIA's corporate network and stolen more than one terabyte of data included in the theft.
Starting point is 00:02:01 The group claims are schematics and source code for drivers and firmware, a relative newcomer to the ransomware scene, Lapsis has already published one tranche of leaked files, which, among other things, included the usernames and cryptographic hashes for 71,335 of the chipmaker's employees. The group then went on to make the highly unusual demand, remove a feature known as LHR, short for light hash rate, or see the further leaking of stolen data. Quote, We decided to help mining and gaming community, Lapsis members wrote in broken English. We want Nvidia to push an update for all 30 series firmware that remove every IHR limitations. Otherwise, we will leak HW folder.
Starting point is 00:02:42 If they remove the LHR, we will forget about HW folder. It's a big folder. We both know LHR impact mining and gaming, end quote. Nvidia introduced LHR in February 2021 with the launch of its GForce RTX 3060 models. Three months later, the company brought LHR to its GFors RtX 3080, 3070, and 3060TI graphics cards. The reason, to make the cards less desirable to people mining Ethereum and possibly other types of cryptocurrencies.
Starting point is 00:03:12 In recent years, the soaring prices of cryptocurrencies have created enormous demand for the cards because the cards are generally much faster and more efficient in performing the intensive computations required during the mining process. The demand has led to a shortage that has often made GPUs virtually impossible for gaming enthusiasts to buy. LHR works by looking for specific attributes of the Ethereum mining algorithm. When one of those attributes is found, LHR limits the hash rate, which dictates mining efficiency by around 50%. We designed G-Forse GPUs for gamers, and gamers are clamoring for more, NVIDIA officials wrote when unveiling LHR.
Starting point is 00:03:46 On Tuesday, LAPSIS modified its demand. Now the group also wants NVIDIA to commit to making its GPU drivers completely open source. If NVIDIA does not comply, Lapsis says the company can expect to see a new leak. That would include the complete silicon graphics and computer chipset files, for all of its recent GPUs, end quote. That was last week. Now, security researchers say threat actors are using two of Vindia's code signing certificates leaked by the LAPSIS group already to sign Windows malware and hacking tools, quoting bleeping computer. A code signing certificate allows developers to digitally sign executables and drivers so that Windows and end users can verify
Starting point is 00:04:26 the files owner and whether they have been tampered with by a third party. To increase security in Windows, Microsoft also requires kernel mode drivers to be code signed before the operating system will load them. After Lapsis leaked NVIDIA's code signing certificate, security researchers quickly found that the certificates were being used to sign malware and other tools used by threat actors. According to samples uploaded to the Virus Total Malware Scanning Service, the Stolen certificates were used to sign various malware and hacking tools such as Cobalt Strike Beacons, Mimicats, Backdoors, and Remote Access Trojans. While both stolen NVIDIA certificates are expired, Windows will still allow a driver signed with the certificates to be loaded in the operating system.
Starting point is 00:05:07 Therefore, using these stolen certificates, threat actors gain the advantage of making their programs look like legitimate NVIDIA programs and allowing malicious drivers to be loaded by Windows, end quote. But wait, there's more. I really need to learn more about this Lapsis group because they have apparently also leaked around 190 gigabytes of alleged confidential Samsung files. including a suspected dump of actual source code and related device security and encryption data, quoting bleeping computer once more. In a note posted earlier today, the extortion gang teased about releasing Samsung data with a snapshot of C and C++ drivers in Samsung software. Shortly after teasing their followers, Lapsis published a description of the upcoming leak,
Starting point is 00:05:51 saying it contains, quote, confidential Samsung source code originating from a breach. Among this, source code for every trusted appellate, installed in Samsung's trust zone environment used for sensitive operations, eG hardware, cryptography, binary encryption, access control, also algorithms for biometric unlock operations, bootloader source code for all recent Samsung devices, confidential source code from Qualcomm, source code for Samsung's activation servers, full source code for technology used for authorizing and authenticating Samsung accounts, including APIs and services. If these details are accurate, Samsung has suffered a major data breach that could cause huge damage to the company.
Starting point is 00:06:32 Lapsis split the leaked data into three compressed files that add to almost 190 gigabytes and made them available in a torrent that appears to be highly popular, with more than 400 peers sharing the content. The extortion group also said that it would deploy more servers to increase the download speed, end quote. No word yet on whether or not Lapsis is extorting Samsung as well for a ransom or whatever. And also, nothing that I've read about that. this thus far has suggested this is in any way related to the war in Ukraine. We've got an Apple event to look forward to tomorrow, and we've already discussed what to expect from that, but the Apple rumor beat never rests, and our buddy Ming Chi Kuo is back, back again, with these
Starting point is 00:07:21 scoops. A more powerful Mac Mini and a more affordable 27-inch external display without mini-L-D will launch in 2022. A Mac Pro and an I-Ivo. Mac Pro are coming, but only in 2023, quoting 9 to 5 Mac. The respected analyst said that he expects Apple to ship a high-end Mac Mini this year, as well as a 27-inch Apple external display. However, he suggests that updates to iMac Pro and Mac Pro will not arrive until 2023. The Apple external display would apparently be more affordable than the Pro Display XDR, in part
Starting point is 00:07:56 because it is smaller in size and would also be less technically advanced, such as lacking mini-L-D backlight technology. The 2023 roadmap for iMac Pro and MacPro is somewhat of a disappointment given Apple's originally announced schedule to transition all of its products within two years. Apple started the M-1 transition in October 2020, so we would expect it to conclude by the end of 2022. However, it is possible that the company has faced production delays, especially in light of the ongoing chip shortage and general COVID-related disruptions since it made the original claim. A more powerful Mac Mini coming this year corroborates previous rumors as Apple looks to replace the remaining Intel Mac Mini configurations with Apple's silicon options. In fact, a higher-end Mac Mini with M1 Pro and M1 Mac's chips internals is expected to arrive as soon as this week at Apple's peak performance event on March 8th.
Starting point is 00:08:50 Earlier this week, 9-5 Mac exclusively reported that Apple was developing a Mac Studio and companion's studio display. The studio display is expected to feature a 7K resolution panel and is likely meant as a successor to the Pro Display XDR. What Quo seems to suggest in his tweet is that Apple is also writing a separate low-end monitor aimed at the mass market, end quote. See, that lack of an IMAQ pro this year is disappointing to me because this IMA I'm writing on right now has become my daily driver. so I'd love to soup the hell out of one with some new Apple Silicon. But what if the solution is to get a Mac Mini, provided they throw enough storage in it, and then invest in one of those super wide, like, you know, 40-inch wraparound displays that are out there now? Or is the studio display what I should wait for? I don't know. Things are complicated all the sudden. Today in the war, Activision Blizzard and Epic Games have suspended sales of their games in Russia.
Starting point is 00:09:57 Activision Blizzard will also pause offering in-game micro-transactions in that country. And Netflix says it is suspending its service in Russia, which operates through a joint venture with the country's national media group and has more than 1 million subscribers. You might have heard also over the weekend that Visa and MasterCard suspended operations in Russia a few hours after the Ukrainian president asked them to do so in a video call with U.S. lawmakers. But the big news on this front was that TikTok suspended live streaming and new content uploads in Russia in response to that country's new law that would impose prison terms for spreading, quote, fake news. Quoting Bloomberg,
Starting point is 00:10:33 We have no choice but to suspend live streaming and new content to our video service while we review the safety implications of this law. The company announced in a series of tweets. The decision by TikTok, which is owned by China-based bite dance, comes after Russia's parliament passed harsh laws that would impose prison terms for people charged with spreading, quote, fake news about the military or calling for sanctions against Russia. The short video social media platform popular among teens eclipsed a billion users last year. On Friday, the Russian government said it was blocking access to meta platforms Facebook as part of the crackdown. Hours after the announcement, Meta said it would pause all advertising in the nation and stop selling ads to Russian businesses. Russia has been slowing down social media services, including Twitter and YouTube, to make them harder and more frustrating to use, end quote.
Starting point is 00:11:20 Basically, as I understand it, now using the word war to refer to. the war in Ukraine, if you do it in Russia, could land you in prison for 15 years. I believe also, remember, Russia has recently demanded that a lot of tech platforms operating in that country have sizable staffed operations inside of Russia just in order to operate in Russia, the better to arrest this staff as, you know, examples, I suppose. So yeah, hard to be a social media platform in Russia if you are basically facing the nuclear inverse of Section 230 protections staring down at you from the barrel of a gun. And I said this on Twitter this morning, but aside from the fact that your employees could be arrested and used as political hostages,
Starting point is 00:12:05 have you wondered why brands have basically been falling all over themselves to stop selling anything in Russia, stop doing business in Russia with such alacrity? I know I have. Well, this morning, The no opinion newsletter provided the most clear answer I've heard yet to why this is happening. Bottom line, it's not just virtue signaling. It's about the sanctions. Quote, why are all of these brands pulling out of Russia? Maybe it's to appear moral and avoid negative attention from Western consumers. Maybe it's because Western governments are leaning on them to pull out. But the simplest explanation is that Russians are just not going to be able to pay for these goods with the ruble crashing and Russian banks unable to make
Starting point is 00:12:46 transactions with the West. What company would risk the negative optics of keeping their stores open in Russia just to serve customers who can't pay, end quote? Finally today, in the circles that you and I probably run in Venmo and cash app, get all of the attention. But remember, the big banks banded together in recent years to create their own easy payments app called Zell. And it's quietly huge. But what this article from the New York Times suggests is that fraud is also huge. huge on Zell. And weirdly, the banks say it's not their problem. Quote, consumers love payment apps like Zell because they're free, fast, and convenient. Created in 2017 by America's largest banks to enable instant digital money transfers, Zell comes embedded in banking apps and is now by far the
Starting point is 00:13:38 country's most widely used money transfer service. Last year, people sent $490 billion through Zell, compared with $230 billion through Venmo, its closest rival. Zell's immediate sense. has also made it a favorite of fraudsters. Other types of bank transfers or transactions involving payment cards typically take at least a day to clear. But once crooks scare or trick victims into handing over money via Zell, they can siphon away thousands of dollars in seconds. There's no way for customers and in many cases the banks themselves to retrieve the money. Nearly 18 million Americans were defrauded through scams involving digital wallets and person-to-person payment apps in 2020, according to Javelin strategy and research and
Starting point is 00:14:20 industry consultant. Organized crime is rampant, said John Blizzard, Javelin's lead fraud analyst. A couple of years ago, we were just starting to talk about it on apps like Zell and Venmo, Mr. Blizzard said, now it's common and everywhere, end quote. The banks are aware of the widespread fraud on Zell when Mr. Fonce called Wells Fargo to report his crime. By the way, the article opens with an anecdote about a customer shock that when he contacted Wells Fargo to report an obvious fraud case to them, they basically threw their hands up. The customer service representative told him, quote, a lot of people are getting scammed on Zell this way. Getting ripped off for $500 was, quote, actually really good, Mr. Frantz said the rep told him,
Starting point is 00:15:00 because, quote, many people were getting hit for thousands of dollars, end quote. Wells Fargo later sent him a note saying it did not consider his loss to be fraudulent because Mr. Frantz had authorized it, even though he had been tricked into transferring the money. It's not clear who is legally liable for such losses. Banks say that returning money to defrauded customers is not their responsibility since the federal law covering electronic transfers, known in the industry as Regulation E, requires them to cover only unauthorized transactions and the fairly common scam that Mr. Frantz fell prey to tricks people into making the transfers themselves. Victims say because they were duped into sending the money, the transaction is
Starting point is 00:15:38 unauthorized. Regulatory guidance has so far been murky about this. When swindled customers, already upset to find themselves on the hook, searched for other means of redress, Many are enraged to find out that Zell is owned and operated by banks. The Zell Network is operated by Early Warning Services, a company created and owned by seven banks, Bank of America, Capital One, J.P. Morgan Chase, PNC, Truist, U.S. Bank, and Wells Fargo. Early Warning based in Scottsdale, Arizona, manages the system's technical infrastructure, but the 1,425 banks and credit unions that use Zell can customize the app and add their own security settings. It's hard to tell exactly how much fraud takes place through Zell because banks aren't required to publicly report their
Starting point is 00:16:21 losses. Banks say they take fraud seriously and are constantly making adjustments to improve security, but police reports and dispatches from industry analysts make it clear that the network has become a preferred tool for grifters like romance scammers, cryptocurrency con artists, and those who prowl social media sites, advertising concert tickets, and purebred puppies only to disappear with buyers' cash after they pay. The Consumer Financial Protection Bureau issued detailed guidance to banks last year about what kinds of fraudulent losses they're required to repay. The regulator requires the banks to reimburse customers for losses on transfers that were initiated by a person other than the consumer without actual authority to initiate the transfer, including those who obtain a victim's
Starting point is 00:17:02 device through fraud or robbery. That guidance set off alarm bells among banks, said Deborah Baxley, a partner at Pagility Advisors, a consulting firm that specializes in the payments market, until then, quote, the bank's point of view was pretty much, sorry, customer, it's on you, she said. Still, the consumer agency doesn't address who is responsible for a fraudulently induced transfer if the customer physically hit the buttons, end quote. So I guess this is from my consumer reporter file. Caviot Emptor when it comes to Zell and maybe most free and easy money transfer apps, read the article for specific examples of scams to be on the lookout for.
Starting point is 00:17:42 By the way, if you didn't see in the feed, we did have two bonus episodes this weekend. So don't miss that. Don't miss the Sunday episode as well that I dropped as a surprise our conversation from my kitchen table between Chris and I with the great Charlie O'Donnell. And also a reminder that tomorrow there's an Apple event at 1 p.m. Eastern 2 a.m. Pacific time. So since, as per usual, I will have to actually wait for the event to happen just to be able to cover the news, be prepared for the show. to be a couple hours later than normal. Talk to you then.

There aren't comments yet for this episode. Click on any sentence in the transcript to leave a comment.