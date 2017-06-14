Samsung Left Millions Vulnerable To Hackers Because It Forgot To Renew a Domain (vice.com) 22
An anonymous reader writes: Samsung cellphones used to have a stock app called S Suggest. The company apparently discontinued the app recently, and then forgot to renew a domain that was used to control it. This snafu left millions of smartphone users vulnerable to hackers who could've registered the domain and installed malicious apps on the phones.
what happens if a company goes under (Score:3)
What would have happened with something like this if a company goes under?
We almost need a charity foundation of some sort to maintain domains like this in that situation.
Then there needs to be an officer in the company who is responsible to activate this mechanism in the event that the company ceases operations. Prior to that happening, the product manager of the affected product would be responsible to use this mechanism to disable further updates to the app when it is being discontinued.
ah, script kiddies newest target, that mechanism. render massive slice of a market unable to use their internet dependent product.
You can disable any app in Android. Instead of "uninstall" you'll see a button to uninstall updates, then if you uninstall updates you'll see a button to disable the app.
It doesn't matter who controls or hijacks your domain because DNS is not an authoritative source of information. You go through numerous unsigned caches before you get queries through.
If you write software without your head up your ass you'd use a certificate on the app to check every interaction with the server before you trust it.
Why did they even need a separate domain for this? (Score:3)
You'd think they could have instead used "ssuggest.samsung.com" or similar, rather than registering an entirely separate domain for what is essentially a minor feature on a phone.
The nice thing about DNS is that it was designed PRECISELY TO BE USED THIS WAY, being able to establish a hierarchy so that an entity can organize all their hostnames/services in one hierarchy.
But "Touchwiz isn't so bad..." (Score:2)
Plus all of those Samsung crap apps.
That's why I use stock Android on my Nexus, and my next phone will be a Pixel. It's a shame because the Samsung hardware is really nice (except the Galaxy S7 of course).