FORUMS

[Q] Data traffic to svc.spd.samsungdm.com

1 posts
Thanks Meter: 0
 
By arcasinky, Junior Member on 18th May 2014, 02:27 PM
Post Reply Subscribe to Thread Email Thread
Hi. I hope this is the appropriate forum...

I have an i747 running stock AT&T firmware. Un-rooted.

Over the last few weeks, I've noticed that my battery drain has increased and often my phone will be warm when I'm not near WIFI suggesting that the radio is active. I've also noticed that when I'm not connected to WIFI, the 4G/LTE icon at the top often indicates that there's data activity in progress.

So I set up a sniffer on my firewall to monitor the phone's data traffic when on WIFI. Here's what I found:

Within seconds of enabling WIFI on the phone, it appears that there are a handful of DNS requests. Most are for google apps (mtalk.google.com and a few others). Those aren't surprising. Then there are a number of lookups for svc.spd.samsungdm.com which maps to a pair of servers in the amazon cloud.

Immediately following that is a back-and-forth stream of HTTPS traffic to these samsungdm.com servers. I've been monitoring for the last 30 minutes while my phone has sat idle on the table with the screen turned off and this back-and-forth traffic has not stopped.

Google doesn't turn up much info about this domain. Any ideas what this is and why it's so chatty?
 
 
13th June 2015, 07:13 PM |#2  
Member
Flag Rochester
Thanks Meter: 22
 
More
I know this is an old thread, but I just recently started to investigate this issue as well. I have found that those servers are related to SELinux policy updates within the Touchwiz framework. A packet is sent to the server to initiate a request through TLSv1.2, the servers exchange keys and then a packet is sent to see if the policies are up-to-date or not. If not, i'm assuming that policies are then sent directly to the device over https(port 443). If you have auto update on for SELinux policies, then you will most likely see a good amount of battery drain.

I started to look into this issue because if you can attempt to get your device to download a malformed security policy, then you could possibly bypass SELinux and Samsung KNOX as well. I'm not totally sure but it sure would help out a lot.
Post Reply Subscribe to Thread

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes