Sometimes inaction can be just as dangerous as making a wrong move. That seems to be the case for Samsung, as it appears simply letting a domain expire could have left millions of its customers vulnerable to hackers. Luckily, a security researcher named João Gouveia noticed the potential problem and snapped up the domain before anyone with more nefarious intentions was able to grab it.
The domain in question is ssuggest.com, which relates to an app Samsung discontinued back in 2014. The key function of S Suggest was a homescreen widget highlighting apps recommended by Samsung that could be downloaded from the Play Store. It had a social aspect, too, showing you which apps your friends were using via its Facebook integration. Even though the app isn’t supported anymore, and doesn’t come with newer Samsung phones, it remains on many older handsets. Those are the devices said to have been vulnerable if the domain had gotten into the wrong hands.
Gouveia, who is the chief technology officer at Anubis Labs, explained that S Suggest’s permissions, which include the ability to reboot the phone and install apps, could have put users at risk. Apparently, anyone with access to the domain could use it to force the installation of malicious software via the app.
Motherboard was able to get a comment from Samsung on the issue. Unsurprisingly, the Korean company disputes the claim, saying that access to the domain “does not allow you to install malicious apps [and] does not allow you to take control of users’ phones.” Without further information, it’s hard to say whether or not the allegations are true, so I guess we’ll just have to believe who we believe on this one.
If it is true, it’s not only embarrassing but also potentially quite worrying for Samsung going forward. The company was also chastised for poor security practices just a couple of months ago, when another researcher described its Tizen software as possibly “the worst code [he’s] ever seen,” due to multiple bugs and critical vulnerabilities. With recent hardware defects still relatively fresh in the minds of consumers, Samsung would do well to avoid gaining a reputation for neglecting its users’ security.