Samsung made a rookie security error that could’ve screwed millions of phones

June 15th, 2017 at 11:03 PM
Samsung security

If I do my job badly, a couple people are normally kind enough to come along in the comments and let me know. If a Samsung developer does his job badly, it turns out that millions of devices are left completely vulnerable to easy attack.

Motherboard talked to a security researcher who managed to snap up a former Samsung domain name that Samsung forgot to renew. Unfortunately, the domain name wasn’t a microsite for a Samsung ad campaign, but rather ssugest.com — the domain name for a server that controlled one of the stock apps that used to ship on Galaxy devices, S Suggest.

João Gouveia, the chief technology officer at Anubis Labs, noticed the lapse and decided to register the domain for himself. In a phone call with Motherboard, he told the site that in just 24 hours, he saw 620 million “check ins,” or connections, from around 2.1 million unique devices. S Suggest has a bunch of permissions, including rebooting the phone remotely and installing apps or packages. “Someone with bad intentions could have grabbed that domain and do nasty things to the phones,” he said.

Samsung disputes the claim, saying that although it let the domain lapse, control over the domain “does not allow you to install malicious apps, it does not allow you to take control of users’ phones.”

Even if Samsung is correct — that control of the domain doesn’t automatically grant those privileges — it’s still a major security risk. A malicious hacker could quite possibly use the domain to get control over the S Suggest app itself, and then abuse the permissions of the app to make it work in ways Samsung never imagined.

Luckily, all of this should remain strictly hypothetical, as Gouveia has agreed to hand the domain back over to Samsung. But more than anything, it’s a reminder that security is a long-term game. After all, the bulk of the computers caught up in the recent ransomware storm were running old versions of Windows XP.



