Possibility of Samsung cloud security hole results in South Korean celebrity extortion (report)

Several A-list celebrities in South Korea have been extorted for hundreds of thousands of dollars.

The cause could be a Samsung Galaxy phone or an unidentified security hole in the company's cloud service. Or it could be that celebrities are reusing account passwords that were compromised through other means.

According to the Korean website Nate.com, K-pop stars, actors, and even famous chefs have been asked for sums ranging from 50 million won (about $43,000) up to 1 billion won (about $862,000). If they do not comply, the extortionists threaten to release compromising chat threads, photos, and videos.

So far, "more than 10 extortion cases" have been identified and confirmed by authorities. In one case, unidentified blackmailers released a private conversation with famous Korean actor Cho Jin-mo after he refused to pay.

Other stars have also reportedly paid ransom after extortionists proved they had compromising material. Korean celebrities are extremely vulnerable to disgrace and public humiliation.

The extortionists - described by Nate.com as "hackers", although it is not yet clear how they obtained the private material - also contacted the celebrity's friends and family, warning them of what would happen if the celebrity did not comply with their demands.

The issue may involve Samsung Cloud, which backs up personal data and device settings on Samsung Galaxy phones and tablets to Samsung's servers, allowing users to quickly migrate to new Galaxy phones.

Nate.com contacted an unidentified person who claimed to be one of the people who may have stolen data from a celebrity's Samsung Cloud account. The "hacker" appeared to be a non-native Korean speaker and implied that he was downloading data from the Samsung Cloud account to a new phone.

It is unclear how the "hacker" gained access to the Samsung Cloud account, but if the targeted celebrity did not have two-factor authentication (2FA) enabled on his Samsung account, all the "hacker" would have needed to transfer the Samsung Cloud data to a new phone was a username/email address and password.

If the credentials of another account of the targeted celebrity were part of a larger data breach, an attacker could attempt to use those credentials to access the celebrity's cloud account. If the celebrity reuses passwords and does not have 2FA enabled, the attacker would likely succeed.

Nate.com experimented with this method and was able to transfer a user's Samsung Cloud backup to a new phone with just a username and password.

This apparent situation is similar to the incident Apple faced in 2014, when private images and videos of several celebrities were leaked onto the Internet, presumably from Apple's iCloud service. This incident, dubbed "The Fappening" due to online notoriety, made it easier for Apple to use 2FA.

Samsung has not yet taken that step -- we could not find any instructions on how to enable 2FA on a Samsung account, nor could we find a way to enable it.
