A security researcher has revealed that sensitive information was publicly accessible on GitLab, including Samsung code used in various projects such as the SmartThings and Bixby platforms.
Mossab Hussein, a security researcher with cybersecurity outfit SpiderSilk, discovered that dozens of Samsung internal coding projects were exposed on GitLab because they had been erroneously configured as public without any password protection, which meant that anyone could access them and download the source code. The data included source code for the Samsung smart home ecosystem platform known as SmartThings and private certificates for both the Android and iOS SmartThings apps.
Samsung has revoked the Amazon Web Services (AWS) credentials following Hussein's disclosure to them on April 10. The company said that "we have yet to find evidence that any external access occurred" but Samsung is "currently investigating this further."