Samsung Electronics has not been peaceful lately.
Recently, Samsung's Galaxy devices were hacked, nearly 200GB of data information was leaked, involving partners Qualcomm confidential data, hundreds of millions of Galaxy device users are facing new potential security risks. Previously, Samsung's electronic semiconductor business had been "faked" due to chip yield, and the 4nm process yield was only 30%, which led to Qualcomm and other large customers switching to TSMC, which has repeatedly aroused external concern.
Samsung Electronics, which has been unfavorable for many years, is in the midst of a new brand crisis.
200G source code leaked, experts say the impact is extremely serious
Recently, Samsung Electronics was targeted by the hacking organization and was leaked a large amount of confidential data. It is reported that the hacking organization Lampsus$ first released a screenshot of C/C++ instructions in Samsung software, and then published the leaked content, saying that it contained Samsung's confidential source code.
The hacking group said the leaked data included: the source code of each trusted applet (TA) installed in the Samsung TrustZone environment for sensitive operations (e.g., hardware encryption, binary encryption, access control), all biometric unlock device algorithms, bootloader source code for all the latest Samsung devices, source code for Samsung activation servers, complete source code (including APIs and services) of the technology used to authorize and verify Samsung accounts, confidential source code from Qualcomm, and more.
In the latest statement, Samsung Electronics acknowledged the fact that the source code was leaked, saying that its Galaxy devices were leaked with nearly 200GB of data information and may contain some of Qualcomm's confidential information. But Samsung Electronics also said in a statement that "while the leaked data contains some internal data, there is no employee personal data." ”
A Samsung spokesperson further explained, "According to our preliminary analysis, the data breach does not include our consumers. We do not expect our business or customers to be affected in any way. We have taken steps to prevent the recurrence of such incidents. and will continue to serve our customers without interruption. ”
But judging from the attitude of some people in the industry at present, everyone obviously does not think so. A number of industry insiders told Sina Technology, "The impact of this leak on Samsung is not small, and it may not be as insignificant as the official statement says." ”
"The impact of Samsung's data breach is quite large, some of the most core security code and data have been leaked, and even some system source code that is tightly integrated with the processor. There are now a large number of people who have downloaded the code and data. Li Wen, founder of a smart device security solution provider, told Sina Technology.
In Levine's view, if these leaked data contain the root key, then basically as long as it is a Samsung phone, it will be easy to crack. Although in the future, Samsung phones can reduce some of the impact through remote OTA upgrades, but this impact will take a long time, and the development and upgrading of new code will also take a long time.
Li Nan, who is well versed in TrustZone technology and serves as the chief architect in a smart device security company, told Sina Technology, "Although it seems that the leaked code is theoretically achieved by design security, the specific algorithm is not too confidential." But there is too much code for 200G, and if a bug that has not been found before is found, or if the design is made in some way due to the difficulty of implementation or cost considerations, the impact will become extremely serious. ”
According to the previous Samsung, as of February 2019, the number of Galaxy devices sold by Samsung has exceeded 2 billion, if the code is completely leaked, it means that most of the underlying code in these Galaxy devices will be exposed in the future, and in the future, criminals will have the opportunity to find more vulnerabilities in these codes, which in turn will lead to an increase in the probability of these Galaxy devices being contaminated with network viruses or network attacks.
In Li Nan's view, in addition to security issues, the intellectual property value of the leaked source code alone is already very high.
The yield of the process is only 30%, who is good?
In addition to the data breach, recently, Samsung's electronic semiconductor business has also attracted attention because of the fraud of the chip foundry yield rate.
At the end of February, according to South Korean media reports, Samsung executives may have fabricated the yield of chips in their processes below 5nm during the trial production stage to boost the competitiveness of Samsung's foundry business. Subsequently, Samsung launched a survey on the whereabouts of funds originally planned to expand production capacity and guarantee yield, to further understand the output and yield of semiconductor foundries.
According to an official familiar with the internal situation of Samsung Electronics at the time, "because the number of wafer foundry deliveries is difficult to meet the demand for foundry orders, the company is skeptical about the yield of the non-memory process, in fact, based on this yield can meet the order delivery." According to other insiders, in the Snapdragon 4nm process chip produced by Samsung for Qualcomm, the yield rate is only 35%, and the yield of Samsung's self-developed 4nm process SoC Orion 2200 is even lower.
"If the yield rate is really as rumored to be 35%, which means that 70% of the 4nm chips produced by Samsung are waste, then the yield rate is also too bad." Zhang Hong, a former SMIC insider, lamented that the decline in yield means that the production capacity of Samsung Semiconductor's 4nm process foundry business cannot be improved, not only the factory's internal PDK, SRAM design and various Qualify need to be modified. At the same time, the ultra-high scrap rate will also increase the production cost of related chips, directly leading to a decline in corporate profits, and even affect customer confidence.
In fact, the decline in the yield rate of Samsung chips has also made Qualcomm, the largest foundry cooperation customer of Samsung Semiconductor, lose confidence. According to foreign media reports, Samsung Semiconductor is currently expected to complete the 3nm process SoC foundry order to be launched next year to TSMC exclusively.
Apple has always been TSMC's largest chip foundry cooperation customer. Previously, Samsung had already lost the competition with TSMC and lost the GPU order of NVIDIA's 7nm process. Now, with Qualcomm once again switching to TSMC, after losing Apple, Nvidia, Qualcomm, which are important customers in the chip industry, Samsung Semiconductor's advantages in the field of advanced process foundry have been completely inferior to TSMC in the competition.
"For the current chip industry, the original foundry capacity is limited. If the 4nm yield is not good, Samsung is likely to transform the 4nm equipment to 8nm or 10nm later, which is beneficial for Samsung to produce chips with nodes above 4nm, but in the field of chip manufacturing at a lower nanometer, Samsung may lag behind TSMC," Zhang Hong told Sina Technology.
Did Lee save Samsung Electronics?
Fast forward to February 2017, when Lee Jae-yong, heir to Samsung Group and actual controller of the company, was arrested and sentenced to five years in prison for allegedly bribing former President Park Kyung-hye in a corruption scandal. Subsequently, in February 2018, the court commuted the sentence to 2 years and 6 months and was briefly released after 4 years of probation, but was soon arrested and imprisoned for bribery.
The two arrests and imprisonment directly affected Samsung's responsiveness and decision-making ability to respond to changes in the business situation. During this period, Samsung accumulated up to $102 billion in cash reserves, but it began to be unresponsive in commercial mergers and acquisitions and major project expansion, and it began to be pulled away by TSMC in the field of semiconductor foundry.
As the largest family business and "Big Mac" economy in South Korea, Samsung's revenue accounts for 20% of South Korea's total GDP, and Samsung's corporate development is directly related to the development and operation of South Korea's overall economic industry. In June 2021, Samsung, SK, LG, Hyundai, the four major South Korean chaebols collectively petitioned the South Korean president, saying that Lee Jae-yong is crucial to maintaining the competitiveness of South Korean semiconductors, "he should not stay in prison." ”
Finally, in August 2021, the president agreed to Lee's parole release on the grounds of national interest.
After his release from prison, Lee not only quickly announced a three-year investment plan of up to $206 billion on behalf of Samsung to expand its business in areas such as chips, biopharmaceuticals, artificial intelligence and robotics. Plans to build a $17 billion chip production base in Texas have also been finalized.
Not long ago, Samsung released in the fourth quarter of 2021, lee Jae-yong ushered in his first financial report after his release from prison to fully participate in operation management. According to the financial report, Samsung's consolidated revenue was 76.57 trillion won, an increase of 24.39% year-on-year, creating a new high, and the operating profit was 13.87 trillion won. Among them, the comprehensive revenue of Samsung's semiconductor business in the fourth quarter was 26.01 trillion won, and the operating profit was 8.84 trillion won, accounting for 63.7% of the overall operating profit.
Judging only from the performance of the financial report, Lee did let Samsung set a new revenue growth record after his release from prison. However, the ensuing decline in the yield rate of the semiconductor foundry business and the counterfeiting scandal have also begun to arouse suspicion from the outside world. In this regard, some insiders commented, "The mentality of the semiconductor business to seek growth is understandable, but it is not advisable to be too eager to achieve results without regard to business ethics and the bottom line, and openly commit fraud." ”
Behind the data breach and chip yield fraud, perhaps Li Zairong, who is eager to promote the growth of Samsung's performance, in order to avoid the sudden "backyard fire" when the company's new business is expanding at a high speed, it is necessary to make more efforts in the stability and security compliance of the company's operation and management.
Source: Sina Technology