World’s most popular smartphone manufacturer Samsung left a huge number of devices vulnerable to hackers, a research has claimed. Samsung reportedly failed to review the domain of an app which came pre-installed on the phones, according to a security researcher. Joao Gouveia, the chief technology officer at Anubis Labs, in an interview with Motherboard, has said that there is a large opportunity for hackers to compromise millions of smartphones. Gouveia had recently purchased the expired domain. Samsung smartphones launched in 2014 or before came with an app called S Suggest, whose primary purpose was to recommend apps to users based on the pre-installed apps. Samsung, however, discontinued the S Suggest app in 2014, but the company left the domain to expire and never renewed it.
By allowing the app called Suggest.com’s domain to expire, the security researcher was able to control the domain. This essentially means that hackers could use the domain to compromise millions of Samsung devices. In a 24 hour timeline, Gouveia discovered that there were 620 million connections from around 2.1 million devices that attempted to retrieve content from the domain. All this shows that millions of devices were left to get compromised. “Someone with bad intentions could have grabbed that domain and to nasty things to the phones,” Gouveia told Motherboard.
Meanwhile, Samsung has denied the claim. The tech giant has said that the access to the domain “does not allow you to install malicious apps, it does not allow you to take control of users’ phones.” If the claim is true, Samsung will face such an awkward situation for the second time. A few months back, a security researcher had accused Samsung’s Tizen operating system to be less secure than it is perceived to be. Israeli researcher Amihai Neiderman described Samsung’s Tizen OS as possibly “the worst code (He’s) ever seen,” due to multiple bugs and critical vulnerabilities.