Information security services specialists say that many of the millions of Samsung smartphone users worldwide could have wrongly implemented firmware updates, which could have negatively impacted the device’s performance, as well as incurring economic costs in a process that should be free.
According to reports, more than 10 million users of these devices have installed an app called “Updates for Samsung”, available on the Google Play Store. In its description, the developers claim that this app provides firmware updates for these devices; however, the app redirects users to a website that offers firmware downloads for payment, as well as being plagued by advertising.
At the time of writing these words, the app was still available in the Play Store, which worries information security services experts. “Many users try to keep our devices updated as an information security measure, it is worrying that this could be exploited by profit-making threat actors”, says Aleksejs Kuprins from the security firm CSIS Security Group.
It is important that users install firmware updates that manufacturers release periodically, as they help keep the device secure and working to its full potential, therefore such incidents have a negative influence in mobile devices’ security.
According to information security services experts from the International Institute of Cyber Security (IICS), the app does provide users with a way to find download and install Samsung smartphone firmware updates. However, this is done under a payment scheme, demanding an annual fee of $35 USD, with Samsung re-launching these updates for free.
A determining factor in this incident is the fact that the app is in the Play Store because, being a platform that only hosts verified developer apps it is easy for a user to install any available development. It is no surprise to experts that smartphone users install applications on their devices that seem to provide security tools or operating system add-ons. “It’s important for users to learn to differentiate between manufacturer-released updates and the apps and sites that offer these services,” Kuprins says.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.