At least 2.1 million devices could be vulnerable to attacks

Jun 16, 2017 07:26 GMT

Samsung is exposing millions of devices to hackers simply because the company has apparently forgotten to renew a domain that some of its smartphones are trying to connect to in the background.

Specifically, Samsung smartphones launched in 2014 or before come with an app called S Suggest, whose purpose was to recommend apps to users based on the existing apps, searches, and other factors. The whole thing worked with the help of an Internet domain called ssuggest.com, with the app connecting to this domain to retrieve recommendations for each device.

Samsung, however, discontinued the S Suggest app in 2014 pretty much because nobody was using it, and the company then let the domain expire and never renewed it.

Devices, on the other hand, keep trying to connect to ssuggest.com, apparently (though this is not confirmed) even if the app was disabled on smartphones where it was already installed.

2.1 million devices connecting to the domain

And according to security researcher João Gouveia, this is a huge opportunity for hackers to compromise millions of devices. Gouveia managed to purchase the domain ahead of everyone else, and after looking into statistics, he discovered something really worrying: there were 620 million connections from 2.1 million devices that attempted to retrieve content from the domain.

This means that a hacker could use the domain to compromise millions of Samsung devices, and given that the S Suggest app required advanced privileges, attackers would be able to do all sorts of stuff on these phones, including installing apps, extracting data, and stealing emails or messages.

Fortunately, the security researcher says this won’t happen with this domain, but warns that Samsung needs to look into the problem and block domains once it discontinues specific apps.

A software update could be the easiest way to deal with this issue right now, though there’s still no information as to how Samsung wants to block the connections to the domain. The South Korean firm hasn’t released a statement on this report just yet.