Continuing our terrifying tales for Halloween, we are looking at companies who let their domain lapse, what happened to the domain and what Lexsynergy would have advised to recover it.

This time we will be looking at Samsung, the world’s most popular smartphone manufacturer, which, it was claimed, had left millions vulnerable by allowing a single domain to lapse.

On many of Samsung’s older mobile phones there was an app installed called S Suggest. Before responsive design became the norm, many apps existed that essentially took information from one website and formatted it so it was suitable for a smartphone device. S Suggest was one such app that served up stock market information, taking the information from ssuggest.com.


In 2014 the app was discontinued and three years later the domain was allowed to lapse. The domain was re-registered by João Gouveia, who is the chief technology officer at AnubisNetworks, a firm that offers email security.

Gouveia claims that in just 24 hours he saw 620 million "check ins" from around 2.1 million unique devices and that, because the app's permissions included installing apps and packages, someone else who bought the domain could have pushed backdoored or malicious apps directly to millions of Samsung phones. Samsung denied this claim, stating that although the domain was taken over, control of the domain "does not allow you to install malicious apps, and it does not allow you to take control of users' phones."

What would Lexsynergy have advised?

“This story was widely publicised at the time and considering the domain's buyer works for an email security company it is not hard to imagine he may have overstated the threat to gain publicity. Depending on how the app was set up, it is certainly possible that with domain control, you would also get email control and then use this to gain access to potentially sensitive information,” says Robert White, Brand Protection Manager.

“One area highly targeted by criminals is domains associated with marketing promotions and dissolved companies. Criminals look for websites that are likely to have high traffic and so a promotion which may have stopped running is a good site to resurrect and will be used to take people’s personal information. Similarly, when a business is dissolved or goes into liquidation it becomes a prime target for criminals. Through access to your domains they may also gain access to your sensitive information and emails.

In a case like this, although there is a debate as to how much damage the app could do, the reputational damage has already been done. There is not necessarily any gain in buying back the domain but it highlights the benefit of having all domains centralised and categorised so you can understand what needs to be renewed from a brand protection point of view.”

Lexsynergy are an accredited registrar who offer over 1000 domains and can help you to buy, block and secure your domain portfolio. Get in touch with Scott today to find out more. scott@lexsynergy.com