The domain in question is used to control S Suggest - a stock app, suggesting other applications to use, which came pre-installed on many older Samsung handsets. Samsung stopped supporting and installing S Suggest as early as 2014, but the huge number of smartphones that the company was selling means that millions of devices with this software are still active in the world as of now.
The problem is that the expired domain has given anyone willing to register a potential base for attack at those millions of smartphones, and the opportunity to push malicious apps on them, according to João Gouveia, chief technology officer at Anubis Labs - a software company specializing in mobile apps. And it could have been catastrophic since S Suggest requires a bunch of permissions, including rebooting the phone remotely and installing third-party apps or packages, the security researcher says.
Thankfully, the domain was taken not by hackers, but by Gouveia himself, so the users of handsets with the S Suggest app are, in fact, not in danger. Samsung also disputes Gouveia's claims saying that the control of the domain "does not allow you to install malicious apps, it does not allow you to take control of users' phones." But with all that being said, the story is still indicative because it shows that companies shouldn’t stop paying attention even to old services that they already find unnecessary.
source: Мotherboard
Latest News
OxygenOS Open Beta 12 for the OnePlus 8 series now available, brings the new OnePlus Store
WhatsApp beta for iOS introduces the option to send better quality images via the chat service
The exact Apple iPad mini 6 display size leaks, no Pro model expected
Samsung confirms it has made an S Pen specifically for third-gen foldable phones
Galaxy Z Flip 3 leaks in official high-resolution images
Remember the Nokia 6310? HMD just revealed its 2021 version; Take a look
FCC OKs Cingular\'s purchase of AT&T Wireless