
An expired domain may have exposed millions of older Samsung phones to hackers

Posted by Anton A.


Anyone can make a silly mistake, but when the mistake is made by someone at a company like Samsung, it can affect many people and even expose them to danger. Here is how Samsung did it: by letting an old domain expire, leaving millions of smartphone users potentially vulnerable to hacker attacks.

The domain in question is used to control S Suggest, a stock app that suggests other applications to use and came pre-installed on many older Samsung handsets. Samsung stopped supporting and installing S Suggest as early as 2014, but given the huge number of smartphones the company was selling, millions of devices with this software are still active in the world as of now.

The problem is that the expired domain gave anyone willing to register it a potential base for attacks on those millions of smartphones, and the opportunity to push malicious apps to them, according to João Gouveia, chief technology officer at Anubis Labs - a software company specializing in mobile apps. It could have been catastrophic, since S Suggest requires a bunch of permissions, including rebooting the phone remotely and installing third-party apps or packages, the security researcher says.

Thankfully, the domain was taken not by hackers but by Gouveia himself, so the users of handsets with the S Suggest app are, in fact, not in danger. Samsung also disputes Gouveia's claims, saying that control of the domain "does not allow you to install malicious apps, it does not allow you to take control of users' phones." With all that being said, the story is still indicative because it shows that companies shouldn’t stop paying attention even to old services that they already find unnecessary.
 
source: Motherboard

13 Comments





posted on 16 Jun 2017, 08:54

1. trojan_horse (Posts: 4944; Member since: 06 May 2016)


"But with all that being said, the story is still indicative because it shows that companies shouldn’t stop paying attention even to old services that they already find unnecessary."

The service was stopped, but wasn't the domain also closed or something?

posted on 16 Jun 2017, 09:14 10

4. peace247 (Posts: 495; Member since: 26 Apr 2014)


-Post sponsored by Apple

posted on 16 Jun 2017, 09:03 3

2. Zylam (Posts: 1120; Member since: 20 Oct 2010)


This is why software updates and support are necessary.

But no Death to Apple right? Android phones being outdated and insecure is perfectly acceptable as long as they are jam packed with features and the kitchen sink?

I'm a huge Android fan and love it to bits, but with phones carrying so much personal data, software updates and security are a number 1 priority, something Android phones lack and it's concerning.

If only the fandroids could stop for a second and take their heads out of hating Apple for all its success, they'd see that if we all complained about Android phones not being updated, Google/Samsung etc would all have to up their game.

But as long as it's Death to Apple, every Android phone could be exposed to security risks, however it's "better" than Apple, so it's all good.

posted on 16 Jun 2017, 09:09 5

3. bucknassty (Posts: 153; Member since: 24 Mar 2017)


Bruh... iPhone is a high end phone... compare it to other high end Androids.

Samsung makes low end models for people who cannot afford the top headsets. The amount of man power to keep those phones updated would far outweigh their cost.

If you buy a dirt cheap Android, do not expect your stuff to be updated to the latest and greatest all the time. It's like buying a Toyota and expecting it to perform like a Ferrari!!! You won't get the same treatment at the dealership either.

posted on 16 Jun 2017, 10:36 3

5. JMartin22 (Posts: 2013; Member since: 30 Apr 2013)


This guy is a residential troll. Don't try to stimulate him with an intelligent rebuttal. It's just going to deflect off of him.

posted on 16 Jun 2017, 15:45 1

8. Leo_MC (Posts: 2677; Member since: 02 Dec 2011)


A Toyota car can't reach speeds of 300 km/h but it should have brakes and airbags (=safety parts).

posted on 17 Jun 2017, 17:01

12. Trex95 (Posts: 1118; Member since: 03 Mar 2013)


You forget about Lexus LFA and Supra that can reach more than 300 km/h.

posted on 18 Jun 2017, 00:27

13. Leo_MC (Posts: 2677; Member since: 02 Dec 2011)


That's missing my point...

posted on 16 Jun 2017, 11:17 3

6. omnitech (Posts: 900; Member since: 28 Sep 2016)


lol um it's the isheep that need to take their heads out of their asses and start complaining about being ridiculously overcharged for mid range products.

posted on 16 Jun 2017, 11:31

7. PrYmCHGOan (banned) (Posts: 335; Member since: 28 Sep 2016)


This story is BS. The app is installed, but it doesn't even work.

It's a domain. How many domains have you visited that, after they are gone, were able to do anything to your device?

If you launch the app it doesn't even do anything so it is impossible for anyone to insert any malicious code.

This article is BS. Of course like flies on s**t...here comes all the Samsung hating trolls.

I have an S4 in front of me. I have an S4 here, and I launched the S Suggest. It does nothing. It shows a screen letting you know the app is no longer supported. So how would anyone even get access?

How many people in the world you think are still using an older S device?

True, millions of people may still have a phone with this app, but the app doesn't work. So I am curious how an app that doesn't work, somehow can be used to hack someone.

PA and this guy are all full of BS.

But it won't stop the trolls.

Zylam who knows nothing about apps. "This is why an app should be supported and update". Umm no fool. The app is no longer even available. It was discontinued and pulled off all the app stores.

What would be better to say, this is why apps should never be baked into firmware or they should be uninstallable.
But no app is supported forever.

A domain is just a web address.

The guy is trying to claim that because the app still tries to reach for this domain by default, that someone could set up a fake domain that the app could reach and that app could be used to spoof.

Even though anything is possible, it doesn't make this any less BS than it is.

As soon as there is a story that is something bad against Samsung or one of its products, the very first posts are from the flies that always are on sh*t.

posted on 16 Jun 2017, 15:49 2

9. Leo_MC (Posts: 2677; Member since: 02 Dec 2011)


If the app is designed to listen and take commands from a server, hosted by a domain, once there's a different (malicious) server that sends commands from the same domain, the app will do what the malicious server tells it to do.

posted on 16 Jun 2017, 22:08

10. obedchuni (Posts: 230; Member since: 16 Jun 2014)


Oh there u are son of a samsung techiexp/ prymchgoan, i can recognise u.

posted on 17 Jun 2017, 16:58

11. Trex95 (Posts: 1118; Member since: 03 Mar 2013)


Seems that Samsung galaxy's even getting worse with every new flagship!

https://www.youtube.com/watch?v=IM21-U-rWK4&feature=share

https://forum.xda-developers.com/galaxy-s8/help/samsung-s8-black-screen-death-t3595971

S8/S8 plus has a black screen of death
