
SoylentNews is people

posted by Fnord666 on Friday June 16 2017, @02:16AM
from the another-day-another-attack-surface dept.

Samsung computer phones used to have a stock app called S Suggest. Then Samsung didn't renew the domain that controls it, making it possible for villains to register the domain and infest millions of computer phone users with malware... had they spotted the opportunity.

Samsung, the most popular smartphone maker in the world, left millions of customers vulnerable to hackers after it let expire a domain that was used to control a stock app installed on older devices, security researchers say.

If you own an older Samsung smartphone, chances are you have a stock app designed to recommend other popular apps named S Suggest installed on it. The company says it discontinued S Suggest in 2014, and it recently let one of the domains used to control the app—ssuggest.com—expire, according to a security researcher who took over the domain.

By letting the domain expire, Samsung effectively gave anyone willing to register it a foothold inside millions of smartphones, and the power to push malicious apps on them, according to João Gouveia, the chief technology officer at Anubis Labs. Gouveia says he took over the domain Monday.

[...] Gouveia said that in just 24 hours, he saw 620 million "check ins," or connections, from around 2.1 million unique devices. S Suggest has a bunch of permissions, including rebooting the phone remotely and installing apps or packages.

This is on par in severity with CVE-2015-2865 from 2015-06-17, when updates were not authenticated properly.

That is unless the phone goes into mission impossible flight mode and self destructs as in 2016-09-08.


  • (Score: 0) by Anonymous Coward on Friday June 16 2017, @03:56AM (#526306)

    That is unless the phone goes into mission impossible flight mode and self destructs as in 2016-09-08.

    They'll put this into phones sooner or later, so you have to buy a new one, considering every company is working it out so that all software, even operating systems, is "subscription-based" and so you don't control any computer involved without their permission anymore.

  • (Score: 2) by c0lo (156) on Friday June 16 2017, @06:28AM (#526335)

    That is unless the phone goes into mission impossible flight mode and self destructs as in 2016-09-08.

    They'll put this into phones sooner or later, so you have to buy a new one, considering every company is working it out so that all software, even operating systems, is "subscription-based" and so you don't control any computer involved without their permission anymore.

    Samsung already tried it, the cheapest version of self-destruct.
    They'll need to try some more, the cheapest approach (the wonder battery) was waaayy too effective.

    --
    https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford