In amidst the Google-y goodness that is the yearly I/O conference, Samsung had to go and try to steal some of the spotlight. You might be wondering how, exactly, the electronics giant is going about this. TechCrunch broke the news this morning that a development lab within the company has actually been leaking important information like the SmartThings source code and app signing keys.
Cybersecurity firm SpiderSilk, specifically a researcher named Mossab Hussein, discovered this unfortunate exposure thanks to Samsung engineers leaving projects set to public on their internal GitLab instance; they weren't even protected with passwords.
The leaked info contained a lot, including logs and analytics for Bixby and SmartThings. Private employee GitLab tokens were stored in plain text, allowing access to even more projects. In all of this, Hussein says he discovered source code that matched that of the SmartThings Android app and signing certificates for both the Android and iOS apps.
Reported to Samsung on April 10, the case is still open. According to Hussein, Samsung didn't even revoke the GitLab private keys until April 30, nearly three weeks after the initial report.