2017-06-16

There's an obvious beef to be had with Samsung's software, as we found out from Motherboard's report about some very shoddy code in Tizen. The chaebol was put on the defensive, and it left us asking where the beef really was.

This time around, we come to part deux: what's supposedly a major vulnerability involving a lapsed domain.

João Gouveia, CTO of Anubis Labs, recently found that Samsung had dropped ownership of the ssuggest.com domain it owned for many years. The "S Suggest" feature it linked to had access to credentials and sensitive information for those who opted into suggestions for apps. A malicious actor could have easily snatched the domain and reworked a server to not only suggest but install malware and boot process on the 2.1 million Android devices the service was logged into.

In an initial response, the chaebol said that:

control of the domain ‘does not allow you to install malicious apps, it does not allow you to take control of users’ phones.’

Gouveia and at least one independent Android security researcher have been able to track down ways in which such things could happen.

Meanwhile, Anubis's top tech brass is willing to give the domain back to the company, but some of the reputational damage may take more time to fix.