Samsung put millions of its customers at risk by forgetting to renew the registration of a domain used to manage a stock application on older Samsung mobile devices.
The domain in question is ssuggest.com, which was used to manage the pre-installed S Suggest application. The program shipped with older smartphones and was intended to recommend popular applications that might interest users. Support for S Suggest ended in 2014, and the registration of ssuggest.com recently expired.
By failing to renew the domain registration, Samsung gave cybercriminals an opportunity to register it themselves and gain access to millions of devices. That is exactly what Joao Gouveia of Anubis Labs did. The expert reported the problem to Samsung, but the company did not accept his arguments. According to Samsung representatives, control over the domain "does not allow you to install malicious applications and gain control over the smartphones of users," Motherboard writes.
According to Gouveia, over 24 hours he recorded 620 million requests from 2.1 million unique devices. Independent researcher Ben Actis is convinced that Samsung is mistaken in believing that control of the domain does not allow attacks on smartphones.
S Suggest holds a number of permissions, including remote device reboot and application installation. If control of the domain had passed to a cybercriminal rather than to Gouveia, the attacker could have installed backdoors or malicious applications on devices without hindrance.
While the domain is in the hands of the researcher, users of obsolete Samsung smartphones have nothing to fear. Gouveia is, however, ready to return it to the company. "I hope they will not lose it again," the expert said.