Security researchers have pointed out a serious security lapse on the part of Samsung. According to the researchers, Samsung left millions of customers vulnerable to hackers because it failed to renew a domain. The domain was used to control a stock app that is still active on older devices.
If you use an older Samsung smartphone, you have a stock app that is designed to recommend popular apps to you. One such app is S Suggest. The company says that it discontinued S Suggest in 2014 and therefore let go of the domain that was used to control the app, ssuggest.com. This came to light through the security researcher who took over the domain.
By letting this happen, Samsung effectively gave access to millions of smartphones to anyone who could purchase the domain. Moreover, because of this security lapse, whoever controlled the domain would have the power to push malicious apps to older Samsung smartphones.
However, after the story broke, Samsung disputed the researcher's claims. The company says that it did lose the domain, but that control of the domain does not allow anyone to install malicious apps on mobile phones. Samsung also clarified that the domain does not give control of users’ phones.
However, the researcher, Gouveia, said that he was able to track 620 million “check-ins” in just 24 hours. These check-ins came from 2.1 million unique Samsung devices. S Suggest has several automatic permissions, including installing apps or packages and rebooting the phone remotely.
According to Gouveia, anyone who gained access to this domain with bad intentions could do a lot of damage to older Samsung devices.
Moreover, a hacker could easily push malicious apps directly to Samsung cell phones. Had that happened, millions of Samsung cell phone users would have been affected. Other independent Android security researchers accept this and have said that such a scenario would have tremendously affected Samsung’s image among its customers. Gouveia said that he is willing to give back the domain.
Given the facts, this could have been much, much worse for millions of customers. We can hope that such an incident won’t happen again. However, it does open up the debate about the security of older Android versions.
Therefore, as a precautionary step, those who are using older Android phones can consider replacing them with a newer-generation Android device that provides better security features.