Samsung forgot to restore an important domain, leaving millions of its users at the mercy of hackers

16. 6. 2017

Samsung, the world's most popular smartphone vendor, left millions of its customers at the mercy of hackers just because it forgot to renew one of its internet domains - ssuggest.com. It was used to operate the application With Suggest, which comes pre-installed on the company's older phones. So if you own one, then you were at risk.

The vulnerability was discovered by security researchers from Anubis Labs, who managed to gain control over the domain. João Gouveia, head of technology at Anubis Labs, revealed that Samsung simply allowed anyone to register the domain, and if it fell into the wrong hands, it could be used to take over apps and thus the phone. Millions of Samsung smartphones could soon be loaded with malicious applications

Gouveia, which acquired the domain, saw more than 620 million connections from 2,1 million unique devices in just 24 hours after taking control. The S Suggest app has access to permissions that include remotely restarting the phone or installing apps and packages. Through the domain, it was thus possible to install basically anything on all connected devices.

S Suggest app rights:

Ben Actis, an independent security analyst, echoed Anubis Labs' claims, saying that if a malicious hacker took control of the domain, they would have the ability to push malicious apps onto the device. Gouveia stated that he is willing to return the Samsung domain. Although the South Korean company has admitted that it has lost control over the domain, on the contrary, it refutes the claim that it would be possible to install malicious applications on phones and tablets with the S Suggest application after taking control of it, saying that this is not possible through the domain.

Samsung has installed the S Suggest application on all of its smartphones from the range Galaxy until 2014. In the year the company stopped supporting the application and stopped installing it on devices. So newer phones were safe. However, if you own an older smartphone or tablet, then you may have been at risk. It depends on whether you believe the claims of Samsung or the security researchers.

source: motherboard

Discussion of the article

Insert your own comment Cancel reply

Your name or Log in

Your comment

By filling in the above data, I acknowledge that the company TEXT FACTORY s.r.o., registered office in Brno, Durďákova 336/29, Černá Pole, ZIP code: 613 00, ID number: 06157831, registered at the Regional Court in Brno, section C, insert 100399, will process my personal data provided in the registration form filled out by me on the basis of the legitimate interests of TEXT FACTORY s.r.o. according to Article 6 paragraph 1 letter f) GDPR and to fulfill legal obligations (Article 6, paragraph 1, letter c) GDPR), for the following purposes: the necessity to ensure the authorization of visitors to websites operated by TEXT FACTORY s.r.o. to actively contribute to published articles or within discussion forums and exercising the rights of TEXT FACTORY s.r.o. as the administrator of these discussion forums. More information about the processing of personal data and rights can be found in Lessons on personal data protection. the entire text

Today's most read

Most read

Samsung forgot to restore an important domain, leaving millions of its users at the mercy of hackers

Discussion of the article

Insert your own comment Cancel reply

Related

Today's most read

Most read