Project

General

Profile

Samsung source code leak a couple days ago

Added by Jude Nam 2 months ago

https://www.bleepingcomputer.com/news/security/hackers-leak-190gb-of-alleged-samsung-data-source-code/

There has been a huge leak on Samsung. The compressed file size is 190GB and it is known to contain source code of all of their devices, including bootloader, TrustZone, KNOX, and even Qualcomm's confidential source codes. Any thoughts on this related to the project?


Replies (1)

RE: Samsung source code leak a couple days ago - Added by Denis 'GNUtoo' Carikli 2 months ago

The issue is that the people looking at the code won't be able anymore to work on free replacement of that code.

So if it has the RIL code, people reading that and then contributing to libsamsung-ipc would put libsamsung-ipc and Replicant at big (legal) risk.

ReactOS had to stop for many years and conduct an audit of all their code because code identical to windows code made it inside the project source code.

Does someone knows if that leak also contain keys that are able to sign the first bootloader? If there is such keys I'd need to ask FSF lawyers if there is a way to use that because as I understand other laws than copyright applies to keys.

In general it would also be interesting to understand if there is code inside for components that we are replacing with free software like libsamsung-ipc in order to know where we need to be extra careful about contributions.

A way to do it would be to work with the press to understand that better. For instance the debug logs of the modem print a lot of information about file names, and maybe the nonfree ril also does that (I'm not sure though).

Denis.

    (1-1/1)