Samsung Left Millions Vulnerable To Hackers Because It Forgot To Renew a Domain (vice.com)
An anonymous reader writes: Samsung cellphones used to have a stock app called S Suggest. The company apparently discontinued the app recently, and then forgot to renew a domain that was used to control it. This snafu left millions of smartphone users vulnerable to hackers who could've registered the domain and installed malicious apps on the phones.
What would have happened with something like this if a company goes under?
We almost need a charity foundation of some sort to maintain domains like this in that situation.
It doesn't matter who controls or hijacks your domain because DNS is not an authoritative source of information. You go through numerous unsigned caches before you get queries through.
If you write software without your head up your ass you'd use a certificate on the app to check every interaction with the server before you trust it.
“Common sense is not so common.” — Voltaire
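The certificate check suggested in the comment above, as an added example (not code from the thread or from Samsung's app). Whoever registers a lapsed domain can obtain a CA-issued certificate for it, so ordinary TLS validation still succeeds and only a pin shipped inside the app rejects the new owner. The byte strings are constructed stand-ins for DER certificates, the names `cert_is_pinned` and `open_pinned` are hypothetical, and pinning the whole certificate rather than its public key is a simplification.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed stand-ins for DER-encoded certificates (not real certificates).
VENDOR_CERT_DER = b"constructed-der-bytes: vendor update server"
TAKEOVER_CERT_DER = b"constructed-der-bytes: new owner of the lapsed domain"

# Pins compiled into the app: the current certificate plus a backup for rotation.
PINNED_SHA256 = frozenset({
    hashlib.sha256(VENDOR_CERT_DER).hexdigest(),
    hashlib.sha256(b"constructed-der-bytes: vendor backup").hexdigest(),
})


def cert_is_pinned(der_cert, pins=PINNED_SHA256):
    """True only if the SHA-256 of the presented certificate is a shipped pin."""
    if not der_cert:
        return False
    digest = hashlib.sha256(der_cert).hexdigest()
    # Compare against every pin in constant time, with no early exit.
    matches = [hmac.compare_digest(digest, pin) for pin in pins]
    return any(matches)


def open_pinned(host, port=443, pins=PINNED_SHA256, timeout=10):
    """Connect with normal CA and hostname validation, then enforce the pin.

    Returns the TLS socket, or raises ssl.SSLError before any request is sent.
    """
    ctx = ssl.create_default_context()  # chain and hostname checks stay on
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    # A certificate that chains to a public CA but is not pinned is refused.
    if not cert_is_pinned(tls.getpeercert(binary_form=True), pins):
        tls.close()
        raise ssl.SSLError("certificate for %s is not pinned" % host)
    return tls
```
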
You'd think they could have instead used "ssuggest.samsung.com" or similar, rather than registering an entirely separate domain for what is essentially a minor feature on a phone.
The nice thing about DNS is that it was designed PRECISELY TO BE USED THIS WAY, being able to establish a hierarchy so that an entity can organize all their hostnames/services in one hierarchy.