Samsung left millions of devices exposed to hackers after failing to renew the domain of an app that came pre-installed on the devices, according to a security researcher. In an interview with Motherboard, João Gouveia, the chief technology officer at Anubis Labs, told the publication that there is a huge opportunity for hackers to compromise millions of devices. Gouveia has recently purchased the expired domain.
Samsung smartphones launched in 2014 or before came with an app called S Suggest, whose primary purpose was to recommend apps to users based on the pre-installed apps. Samsung discontinued the S Suggest app in 2014, then let the domain expire and never renewed it.
Because Samsung let the app's Suggest.com domain expire, a security researcher was able to take control of it. This means that hackers could have used the domain to compromise millions of Samsung devices. In a 24-hour period, Gouveia discovered that there were 620 million connections from around 2.1 million devices that attempted to retrieve content from the domain. All this shows that millions of devices were left open to compromise.
As expected, Samsung disputes the claim, saying that the access to the domain “does not allow you to install malicious apps, it does not allow you to take control of users’ phones.” If the claim is true, Samsung will face an awkward situation for the second time in a row. Back in April this year, a security researcher had claimed that Samsung’s Tizen operating system was less secure than many thought. Israeli researcher Amihai Neiderman described Samsung’s Tizen OS as possibly “the worst code [he’s] ever seen,” due to multiple bugs and critical vulnerabilities.