- Get link
- Other Apps
Millions of Samsung smartphones vulnerable to hacking, claims researcher: Company denies
NEW DELHI: Despite being among the world’s leading technology
companies, it seems that Samsung hasn’t done enough to secure its
smartphones against hackers.
According to a report by a security researcher, the company has failed to review the domain of an app that comes pre-installed on Samsung devices.
6 tips to protect yourself from becoming a ransomware victim.
According to a report by a security researcher, the company has failed to review the domain of an app that comes pre-installed on Samsung devices.
Chief technology officer at Anubis Labs, Joao Gouveia told Motherboard website in an interview that there a huge possibility for hackers to compromise millions of devices as Samsung has forgotten to renew the domain, which was used to control the stock app installed on its devices.
It’s worth mentioning that Samsung smartphones launched in 2014 came with a pre-installed app called S Suggest. The main task of the app was to suggest apps to the users on the basis of their pre-installed apps. However, the South Korean manufacturer discontinued the app in 2014 and left the domain to expire, not renewing it.
As the app’s domain expired, the security researcher was able to control it. This means that hackers can also use the domain to compromise millions of Samsung smartphones out there.
Gouveia told Motherboard website that in the time span of 24 hours, he discovered that there were 20 million connections from around 2.1 million devices, which attempted to revive the content from the domain. This entire scenario highlights that numerous millions of devices were left vulnerable to the hackers.
Nevertheless, Samsung has rejected all these claims and also released an official statement for the same. The company said, “The access to the domain does not allow you to install malicious apps, it does not allow you to take control of users’ phones.”
Back in April this year, Samsung faced a similar situation when a security researcher revealed that its Tizen operating system is not as secure as thought.
Speaking to Motherboard website, an Israeli researcher named Amihai Neiderman revealed that Samsung’s Tizen OS has the worst code he has ever seen.
Source:
According to a report by a security researcher, the company has failed to review the domain of an app that comes pre-installed on Samsung devices.
6 tips to protect yourself from becoming a ransomware victim.
-
- This weekend’s global online extortion attack reinforces the need
for businesses and other large organizations to update their computer
operating systems and security software, cybersecurity experts said. The
attack largely infected networks that used out-of-date software, such
as Windows XP, which Microsoft no longer offers technical support for.
“There’s some truth to the idea that people are always going to hack
themselves,” said Dan Wire, a spokesman for security firm FireEye.
“You’ve got to keep your systems updated.” The attack that authorities
say swept 150 countries this weekend is part of a growing problem of
“ransomware” scams, in which people find themselves locked out of their
files and presented with a demand to pay hackers to restore their
access. Hackers bait users to click on infected email links, open
infected attachments or take advantage of outdated and vulnerable
systems.
This weekend’s virus was particularly virulent, because it could spread to all other computers on a network even if just one user clicked a bad link or attachment. Lawrence Abrams, a New York-based blogger who runs BleepingComputer.com, says many organizations don’t install security upgrades because they’re worried about triggering bugs, or they can’t afford the downtime. Here are five tips to make yourself a less-likely victim. - Once your files are encrypted, your options are limited. Recovery from backups is one of them. “Unfortunately, most people don’t have them,” Abrams says. Backups often are also out of date and missing critical information. With this attack, Abrams recommends trying to recover the “shadow volume” copies some versions of Windows have. Some ransomware does also sometimes targets backup files, though. You should make multiple backups — to cloud services and using physical disk drives, at regular and frequent intervals. It’s a good idea to back up files to a drive that remains entirely disconnected from your network.
- The latest ransomware was successful because of a confluence of factors. Those include a known and highly dangerous security hole in Microsoft Windows, tardy users who didn’t apply Microsoft’s March software fix, and malware designed to spread quickly once inside university, business and government networks. Updating software will take care of some vulnerability. “Hopefully people are learning how important it is to apply these patches,” said Darien Huss, a senior security research engineer for cybersecurity firm Proofpoint, who helped stem the reach of the weekend attack. “I hope that if another attack occurs, the damage will be a lot less.” The virus targeted computers using Windows XP, as well as Windows 7 and 8, all of which Microsoft stopped servicing years ago. Yet in an unusual step, they released a patch for those older systems because of the magnitude of the outbreak. “There’s a lot of older Windows products out there that are ‘end of life’ and nobody’s bothered to take them out of service,” said Cynthia Larose, a cybersecurity expert at the law firm of Mintz Levin.
- Using antivirus software will at least protect you from the most basic, well-known viruses by scanning your system against the known fingerprints of these pests. Low-end criminals take advantage of less-savvy users with such known viruses, even though malware is constantly changing and antivirus is frequently days behind detecting it.
- Basic protocol such as stressing that workers shouldn’t click on questionable links or open suspicious attachments can save headaches. System administrators should ensure that employees don’t have unnecessary access to parts of the network that aren’t critical to their work. This helps limit the spread of ransomware if hackers do get into your system.
- Some organizations disconnect computers as a precautionary measure. Shutting down a network can prevent the continued encryption — and possible loss — of more files. Hackers will sometimes encourage you to keep your computer on and linked to the network, but don’t be fooled. If you’re facing a ransom demand and locked out of your files, law enforcement and cybersecurity experts discourage paying ransoms because it gives incentives to hackers and pays for their future attacks. There’s also no guarantee all files will be restored. Many organizations without updated backups may decide that regaining access to critical files, such as customer data, and avoiding public embarrassment is worth the cost. Ryan O’Leary, vice president of WhiteHat Security’s threat research center, points out that this weekend’s hackers weren’t asking for much, usually about $300. “If there is a silver lining to it, you’re not out a million dollars,” he said. Still, “My answer is, never pay the ransom,” Abrams said. “But at the same time, I also know that if you’re someone who’s been affected and you’ve lost all your children’s photographs or you’ve lost all your data or you lost your thesis, sometimes $300 is worth it, you know?”
- This weekend’s global online extortion attack reinforces the need
for businesses and other large organizations to update their computer
operating systems and security software, cybersecurity experts said. The
attack largely infected networks that used out-of-date software, such
as Windows XP, which Microsoft no longer offers technical support for.
“There’s some truth to the idea that people are always going to hack
themselves,” said Dan Wire, a spokesman for security firm FireEye.
“You’ve got to keep your systems updated.” The attack that authorities
say swept 150 countries this weekend is part of a growing problem of
“ransomware” scams, in which people find themselves locked out of their
files and presented with a demand to pay hackers to restore their
access. Hackers bait users to click on infected email links, open
infected attachments or take advantage of outdated and vulnerable
systems.
According to a report by a security researcher, the company has failed to review the domain of an app that comes pre-installed on Samsung devices.
Chief technology officer at Anubis Labs, Joao Gouveia told Motherboard website in an interview that there a huge possibility for hackers to compromise millions of devices as Samsung has forgotten to renew the domain, which was used to control the stock app installed on its devices.
It’s worth mentioning that Samsung smartphones launched in 2014 came with a pre-installed app called S Suggest. The main task of the app was to suggest apps to the users on the basis of their pre-installed apps. However, the South Korean manufacturer discontinued the app in 2014 and left the domain to expire, not renewing it.
As the app’s domain expired, the security researcher was able to control it. This means that hackers can also use the domain to compromise millions of Samsung smartphones out there.
Gouveia told Motherboard website that in the time span of 24 hours, he discovered that there were 20 million connections from around 2.1 million devices, which attempted to revive the content from the domain. This entire scenario highlights that numerous millions of devices were left vulnerable to the hackers.
Nevertheless, Samsung has rejected all these claims and also released an official statement for the same. The company said, “The access to the domain does not allow you to install malicious apps, it does not allow you to take control of users’ phones.”
Back in April this year, Samsung faced a similar situation when a security researcher revealed that its Tizen operating system is not as secure as thought.
Speaking to Motherboard website, an Israeli researcher named Amihai Neiderman revealed that Samsung’s Tizen OS has the worst code he has ever seen.
Comments
Post a Comment