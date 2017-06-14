

 


Android Security News

Samsung Left Millions Vulnerable To Hackers Because It Forgot To Renew a Domain (vice.com) 22

Posted by msmash from the security-woes dept.
An anonymous reader writes: Samsung cellphones used to have a stock app called S Suggest. The company apparently discontinued the app recently, and then forgot to renew a domain that was used to control it. This snafu left millions of smartphone users vulnerable to hackers who could've registered the domain and installed malicious apps on the phones.



  • what happens if a company goes under (Score:3)

    by redback ( 15527 ) on Wednesday June 14, 2017 @05:43PM (#54621633)

    What would have happened with something like this if a company goes under?

    We almost need a charity foundation of some sort to maintain domains like this in that situation.

    • Maybe there needs to be a mechanism to disable the app. Or updates to the app. Or further downloads. Etc.

      Then there needs to be an officer in the company who is responsible to activate this mechanism in the event that the company ceases operations. Prior to that happening, the product manager of the affected product would be responsible to use this mechanism to disable further updates to the app when it is being discontinued.

      • Ah, script kiddies' newest target, that mechanism. Render a massive slice of a market unable to use their internet-dependent product.

      • You can disable any app in Android. Instead of "uninstall" you'll see a button to uninstall updates, then if you uninstall updates you'll see a button to disable the app.

      • Re: (Score:2)

        by vlad30 ( 44644 )
        It should also be much more difficult to register a domain, especially a domain that has been used before. That registration fee should entail some actual work on the part of the domain registrar to fact check the applicant and potential use, and removal if the use is nefarious. Imagine how many fewer scam and spam websites would exist if they actually did this.
    • The app can use certificate pinning. If someone else puts a new server up on the domain name the certificate will not match the expected one from the old site and the app will refuse to connect to it.
  • Left vulnerable by NEVER updating the operating systems on phones other than Flagship. I remember Stagefright, they promised a security release. Still waiting on my 4.4.1.

  • It doesn't matter who controls or hijacks your domain because DNS is not an authoritative source of information. You go through numerous unsigned caches before you get queries through.
    If you write software without your head up your ass you'd use a certificate on the app to check every interaction with the server before you trust it.
     

  • You'd think they could have instead used "ssuggest.samsung.com" or similar, rather than registering an entirely separate domain for what is essentially a minor feature on a phone.

    The nice thing about DNS is that it was designed PRECISELY TO BE USED THIS WAY, being able to establish a hierarchy so that an entity can organize all their hostnames/services in one hierarchy.

  • Plus all of those Samsung crap apps.

    That's why I use stock Android on my Nexus, and my next phone will be a Pixel. It's a shame because the Samsung hardware is really nice (except the Galaxy S7 of course).
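
The certificate pinning that two of the comments above describe, as an added example that is not part of the original thread or any Samsung code. It pins the SHA-256 of the whole certificate and layers that check on top of ordinary CA validation, since a new owner of a lapsed domain can obtain a CA-valid certificate for it. All names and the sample byte strings are constructed for illustration.

```python
import hashlib
import hmac
import socket
import ssl


def cert_pin(der_cert: bytes) -> str:
    """Pin value: hex SHA-256 of the certificate's DER encoding."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert: bytes, pinned: set[str]) -> bool:
    """True only if the presented certificate is one the app shipped with."""
    presented = cert_pin(der_cert)
    # Constant-time comparison against each pin (primary plus backup).
    return any(hmac.compare_digest(presented, p) for p in pinned)


class PinMismatch(ssl.SSLError):
    """Raised when the server's certificate is not in the pin set."""


def connect_pinned(host: str, pinned: set[str], port: int = 443) -> ssl.SSLSocket:
    """Open a TLS connection that must pass CA validation AND the pin check."""
    ctx = ssl.create_default_context()  # normal chain and hostname checks
    sock = ctx.wrap_socket(socket.create_connection((host, port), timeout=10),
                           server_hostname=host)
    der = sock.getpeercert(binary_form=True)
    if der is None or not pin_matches(der, pinned):
        sock.close()
        raise PinMismatch(f"certificate for {host} is not pinned; refusing to talk")
    return sock


# Constructed stand-ins for DER certificates (not real certificates).
ORIGINAL_CERT = b"constructed-der: original update server certificate"
BACKUP_CERT = b"constructed-der: vendor's offline backup certificate"
NEW_OWNER_CERT = b"constructed-der: CA-issued cert obtained by a new domain owner"

# The pin set baked into the app at build time (assumed: one live pin, one backup).
APP_PINS = {cert_pin(ORIGINAL_CERT), cert_pin(BACKUP_CERT)}

if __name__ == "__main__":
    for name, cert in [("original", ORIGINAL_CERT), ("new owner", NEW_OWNER_CERT)]:
        print(name, "accepted" if pin_matches(cert, APP_PINS) else "rejected")
```

The backup pin is what lets the vendor rotate the server certificate without locking out installed copies of the app.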
