After Samsung failed to renew the domain of one of its pre-installed apps, millions of users were left open to malware attacks.
The S Suggest app, which shipped on older Samsung smartphones, is still active on millions of devices. Its purpose was to help users by suggesting other popular apps they could use. It all worked fine for everyone until the company stopped supporting the service.
According to Motherboard, Samsung apparently stopped supporting the software during the last couple of months. That led to a failed renewal of the ssuggest.com domain, which left it wide open for someone else to register. Fortunately for Samsung, as well as for all of its users, the domain was taken over by a security researcher, João Gouveia.
Gouveia is Anubis Lab’s chief technology officer, and he stated that he took over the domain for fear that someone else might do it instead. Had someone else done so, any of the older Samsung smartphones might have ended up being infiltrated by hackers, malware, trojans, or the like.
Gouveia reportedly detected over 620 million connections in only 24 hours, coming from more than 2.1 million different devices. This means that, had any hacker discovered Samsung’s mistake before this researcher, they would have had 2.1 million victims to choose from.
Just sinkholed Samsung's S Suggest platform, which was orphaned and could be grabbed by bad actors. 7k sinkhole "checkins" per second. pic.twitter.com/HcpYp4bTJM
— João Gouveia (@jgouv) June 12, 2017
Pretty much anyone was able to pay for this domain and take complete control over it. Any of the older Samsung devices would have held the door open for malicious software. Hackers could have pushed it to your phone directly, and you wouldn’t even know it until they had full control of your device.
The situation is possibly even worse because the app has a lot of invasive permissions. Anyone with control over it could potentially install other apps, spy on users or even completely reboot their phone. Any Samsung device with this app could have ended up being infected, and that includes tablets as well.
Another independent security researcher, Ben Actis, has stated that this is a big mistake on Samsung’s part. He also said that it’s confirmed that the app could install other apps. And as a researcher who specifically studied Android, he would know better than most.
As for Gouveia, he promised to return the domain to Samsung if the company wants it back. Until that time comes, he will keep it safe from others. At the time of writing, Samsung still hasn’t commented on the situation.