Millions of Samsung Mobile Phones Vulnerable Hacked?
image from reuters |
The domain is used to control a popular stock app called S Suggest, which is already installed on the old Samsung model phone. According to Joao Gouveia, CTO cyber security company Anubis Labs who bought the domain said that Samsung recently allowed the domain despite expiration.
Researchers took over the domain on Monday, June 12, 2017 and within 24 hours, recorded 620 million 'check in' from more than 2.1 million devices.
Gouveia says that the domain has several permissions, including installing apps or reboot devices, which are potentially abused by hackers.
"Someone with bad intentions can just grab the domain and do bad things on the phone," Gouveia told Motherboard.
However, Samsung denied Gouveia's claim. The technology giant says that controlling the domain will not allow you to install malicious apps, not allowing you to control the user's phone. The company stopped S Suggest in 2014.
However, Gouveia's claim is supported by another independent security researcher, Ben Actis, who says that if the domain is taken over by hackers, millions of Samsung devices could be vulnerable to backdoor and malicious applications.
Actis also said that an evil person can install whatever they want, once Samsung allows the domain to expire.
"They (Samsung) are failing .This app can definitely install other apps," said Actis.
However, current Samsung users are safe from hackers' targets because the domain is now under Gouveia control. Researchers say that he is willing to give the domain back to Samsung.
It remains unclear why Samsung allows such domains to expire. Similarly, how long the domain is dormant before being purchased by Gouveia.
Samsung's latest security flaw comes after a security researcher invented a new technology giant mobile operating system full of vulnerabilities, which is even considered a bad code ever seen.
Comments
Post a Comment