An expired Samsung domain reportedly left users unprotected according to security researchers. The domain was used to control a native app that Samsung was pre-installing on its devices, and through the use of the domain it's said that Hackers could have pushed app installs to unsuspecting users who still had the application installed. The app was called S Suggest and its main purpose was to send people recommendations on other apps it thought they might want to check out, so presumably anyone who got a hold of the domain and had ill-intentions could have sent apps to people's devices and users would be none the wiser, as things would seemingly come in looking like a normal app recommendation.
The good news for users is that the domain is reportedly under the control of Anubis Labs' Chief Technology Officer João Gouveia, who is said to have had control of the domain since the beginning of this week and merely wanted to bring this to Samsung's attention, but more so to the attention of consumers who may have a device with this app installed. Gouviea also says that he would be willing to give the domain back to Samsung if they requested it.
Samsung has reportedly denied that the domain for S Suggest has this capability but Gouveia seeks to bolster his claim with a screenshot that displays the kinds of permissions that are requested by the application, which includes permissions for forcing a reboot of the device, directly installing applications, deleting applications, and retrieving a list of running applications just to name a few. What could have made this all the more troubling if the domain fell into the wrong hands, at least according to Gouveia, is that scale of access which a hacker could have obtained, as Gouveia notes that within 24 hours of his gaining control of the S Suggest domain there were around 620 million check-ins from devices with the app. While Samsung users don't seem to be in any danger from this particular situation, it illustrates the ever-increasing importance to keep mobile devices and the information on them as safe and secure as possible.