Samsung got another issue, now with app S Sugest. Samsung has forgot to renew its domain ssugest.com, which is used by S Sugest app. After domain expired, it was registered by Joao Gouveia from Anubis Networks, as informed Motherboard company. After exploding Samsung’s Galaxy Note 7 batteries, this would be another cause, if this domain was registered by hackers. Samsung does not include S Sugest app on its Android smartphones since 2014, but it looks like it is still preinstalled on many older Samsung’s Android devices.
S Sugest still contacts mentioned URL – in the last 24 hours were recorded 620 000 000 connections from 2 100 000 devices. Hackers would be able to push malevolent software into Android devices with S Sugest app installed.
Motherboard did not inform, what means installing malevolent software from mentioned domain or which communication protocol is used between domain and S Sugest app. Also, if malevolent apps could be autodownloaded or only offered to download, is unclear.
S Sugest app got permission to install another apps on device. This does not automatically means, that domain can push malevolent software into affected devices, but you should pay attention.
Another expert Ben Actis said, that this app can install other apps to device, but it is still uncertain, if this claim is based on given permission, as said above, or this app can really download malevolent apps by controlling ssugest.com domain.
Samsung itself said, that “controlling this domain does not allow to install malware or to take control over smartphones”. Anyway, just imagine, if this domain was registered by hackers, how big security impact it could be? I think, that these hackers also could monitor some aspects of behavior of its users on Internet, like IP addresses of smartphones or even GPS data. If you have S Sugest app installed, just consider if it’s worth and optionally uninstall it.