SamMobile has affiliate and sponsored partnerships. If you buy something through one of these links, we may earn a commission. Learn more.

Security researcher says that Tizen is a hacker’s dream, has 40 unknown zero-day vulnerabilities

Phone
By 

Last updated: April 3rd, 2017 at 23:33 UTC+02:00

Samsung plans to reduce its reliance on Android by launching Tizen-powered smartphones, smartwatches, fitness trackers, and TVs. However, the company’s Android alternative seems to have serious security related issues. A security researcher has found 40 zero-day vulnerabilities in Tizen, making millions of smartphones, smartwatches, and TVs vulnerable to hacking.

After it had came to notice last month that CIA could hack Tizen-powered Samsung smart TVs, an Israeli security researcher Amihai Neiderman managed to find 40 zero-day vulnerabilities in Tizen’s code base. These vulnerabilities would allow someone to remotely hack a Tizen-powered device. Moreover, unlike the CIA hack, these newfound vulnerabilities (also known as remote code execution) do not need a device’s physical address.

“It may be the worst code I’ve ever seen. Everything you can do wrong there, they do it. You can see that nobody with any understanding of security looked at this code or wrote it. It’s like taking an undergraduate and letting him program your software.”

Of all the vulnerabilities, Neiderman found one particular design flaw inside the Tizen store, which is said to be critical. According to Neiderman, this vulnerability allowed him to hijack the software to deliver malicious code into his Samsung TV. Since the Tizen Store has the highest privileges, it can be used by a hacker as a Holy Grail for abuse.

Amihai Neiderman, who heads research at Equus Software, first started studying Tizen’s security issues when he purchased a Tizen-powered Samsung smart TV. Once he found out how badly written his TV’s code is, he bought a bunch of smartphones to test Tizen. He says that a lot of Tizen’s code base is old and borrowed from Bada OS, but most of the vulnerabilities he found were from the code that was written within the last two years.

“You can see that they took all this code and tried to push it into Tizen,” Neiderman says.

Samsung says that it is now in contact with Neiderman to solve all the vulnerabilities and security issues in Tizen’s code. He also suggests that Samsung should reconsider deploying Tizen in phones before doing a major overhaul of the code. 

 

Source PhoneTVWatch Tizen
Load 11 comments

You might also like

Samsung’s new smart TVs are more than just content consumption devices

Samsung has been adding lots of features to its smart TVs over the past few years, but most of them were related to content consumption. Ever since the COVID-19 pandemic forced work-from-home situations, the company ensured that its TVs are more than content consumption devices. First up, Samsung added an improved Ambient Mode to its […]

  • By Asif Iqbal Shaik
  • 3 months ago

We checked out Samsung’s Tizen-powered Smart Monitor M8 at CES 2022

CES 2022 came and went, but it left us with tons of exciting products to explore and look forward to. One such product was the Samsung Smart Monitor M8. Despite its rather uninspiring name, the Smart Monitor M8 is a beast of an all-in-one monitor powered by none other than the Tizen platform. Mind you, […]

  • By Mihai Matei
  • 7 months ago

Tizen Store no longer accessible on Tizen smartphones

Although Tizen continues to be one of the largest smart TV platforms in the world, its smartphone variant hasn’t been doing particularly well. We haven’t seen a Tizen-based smartphone in forever and we’re unlikely to see one anytime soon. Now, the Tizen smartphone experience gets its final nail in the coffin. It seems that the […]

  • By Anil Ganti
  • 7 months ago

Is it time for Samsung to ditch Tizen in favor for Android TV?

Samsung unveiled its new smart TVs earlier today, and they are still running Tizen OS. Despite completely switching to Android for its phones and Wear OS for its smartwatches, the South Korean firm is still clinging to Tizen for its smart TVs and other smart home products. Is it time to pull the plug on […]

  • By Asif Iqbal Shaik
  • 7 months ago

Google’s first Wear OS 3 smartwatch almost looks like a Galaxy Watch 5

Samsung and Google joined forces earlier this year to co-develop Wear OS 3 for a new generation of smartwatches. Samsung abandoned Tizen OS for wearables in favor of Wear OS 3 as a result, but this massive change has allowed the Korean tech giant to retain some exclusivity over the new OS version. The Galaxy […]

  • By Mihai Matei
  • 8 months ago

Samsung is opening up Tizen OS to other TV brands

Samsung unveiled a lot of new stuff related to its software and services at the ongoing SDC 21 event. Alongside announcing improvements to Bixby, Samsung Health, Samsung Knox, SmartThings, and Tizen, the company also said that it is opening up Tizen OS to other TV brands. TV manufacturers can now use Samsung’s Tizen TV Platform […]

  • By Asif Iqbal Shaik
  • 10 months ago