An technical oversight may have left millions of Samsung customers vulnerable to hackers. According to Motherboard, security researchers believe that the tech giant forgot to register a domain name and opened up the possibility of its smartphones to be hacked.
Older Samsung phones apparently have a stock app called S Suggest. Samsung let the domain name ssuggest.com expire. According to the guy who bought the domain, João Gouveia, the company basically gave the new domain owner an opportunity to push out malicious apps. "Someone with bad intentions could have grabbed that domain and do nasty things to the phones," Gouveia, who is the chief technology officer at Anubis Labs, said.
Samsung disputed this claim with Motherboard and said that owning the domain "does not allow you to install malicious apps, it does not allow you to take control of users' phones."
Ben Actis, an independent security researcher who has studied Android, agrees wih Gouveia. "They fucked up," Actis said of Samsung. "The app can definitely install other apps."
Gouveia says that he's willing to give the domain back.