Samsung left millions of its customers at risk by failing to renew its registration for a domain name that was used to control a stock app that comes preinstalled on a number of older devices, Motherboard reported.

Samsung’s S Suggest app, which has since been discontinued, was used to recommend other apps that may be of interest to the user. The registration for a domain used to control the app, ssugest.com, was allowed to lapse, leaving anyone free to purchase the domain and manipulate the app.

With the domain back on the market, a malicious actor could have registered the domain and gained unprecedented access to millions of smartphones and tablets. Samsung currently holds more than 20 percent of the total smartphone market, and many of those devices have the company’s S Suggest app installed.

Had a hacker gained control of the Samsung domain, malicious code could have been pushed through the app. Because the S Suggest app is used to make recommendations, an attacker could also abuse the service to encourage users to install other compromised apps that may allow even greater access to the device.

S Suggest also has a considerable amount of high-level access to a device, thanks to Samsung preinstalling the app on millions of its devices. The app allows for rebooting the phone remotely and installing apps or packages, which are assumed to be trusted.

Luckily for Samsung, not just anyone picked up the domain. It was acquired by João Gouveia, the chief technology officer at security firm Anubis Labs. The security expert has vowed to hold on to the domain and will return it to Samsung if the company wants to regain control of it.

After taking control of the domain, Gouveia saw just how much people use the S Suggest app on their Samsung handsets. He told Motherboard he saw 620 million connections from around 2.1 million unique devices.

The failure to renew or reregister the S Suggest-associated domain name is just the latest in what has become a mounting number of instances where Samsung has appeared lax in its security protocols and put users at risk.

Perhaps the most jarring of those instances comes from Samsung’s own operating system, Tizen. Built as part of the company’s long-term plan to wean itself off Android and create its own proprietary ecosystem, the Tizen OS was discovered by researchers to be filled with security flaws.

Researchers found more than 40 zero-day exploits — vulnerabilities that have not yet been disclosed or patched — in Tizen, many of which could be carried out remotely and would require no direct interaction to compromise a device.

Researchers also found vulnerabilities within the TizenStore, the Samsung equivalent to the Google Play Store on Android or App Store on iOS. A flaw in the marketplace’s design would allow a bad actor to hijack the software and spread malicious code to other Tizen-powered devices like Smart TVs.

More than 30 million devices run Tizen, including Samsung’s Smart TVs, its Galaxy Gear smartwatch line and some phones in countries like Russia, Bangladesh and India. Samsung said it intends to have 10 million smartphones running Tizen in the wild by year’s end after selling 3 million smartphones powered by the OS in 2016.