
Samsung's Tizen OS is a hacker's dream with 40 zero-day vulnerabilities

By Cookie Monster - on 5 Apr 2017, 12:00am


Samsung's Tizen OS, which is widely believed to be an Android replacement for its devices in the future, needs a major overhaul of its code base due to serious security flaws.

Following reports of the CIA having tools to hack into Tizen-powered Samsung Smart TVs, Israeli researcher Amihai Neiderman carried out his own investigation and discovered 40 zero-day vulnerabilities in the code base. A zero-day vulnerability is a flaw that is not yet known to the vendor, and therefore unpatched, which hackers can take advantage of to plant a virus, Trojan horse or other malware.

What makes these vulnerabilities especially worrying is that hackers can take control of a Tizen-powered device via remote code execution, without needing physical access to the device. The most critical vulnerability lies in the design of the Tizen Store, which allows hackers to deliver malicious code to Tizen devices.

Neiderman was very critical of the Tizen OS, which he described as outdated and borrowed from Bada OS. Most of the vulnerabilities were found in code written within the past two years.

"It may be the worst code I've ever seen," he told Motherboard in advance of a talk about his research that he is scheduled to deliver at Kaspersky Lab's Security Analyst Summit on the island of St. Maarten on Monday. "Everything you can do wrong there, they do it. You can see that nobody with any understanding of security looked at this code or wrote it. It's like taking an undergraduate and letting him program your software."

He tried contacting Samsung a few months ago, but only got an automated email reply. Only after news broke of these vulnerabilities did Samsung send the following statement:

"We are fully committed to cooperating with Mr. Neiderman to mitigate any potential vulnerabilities. Through our SmartTV Bug Bounty program, Samsung is committed to working with security experts around the world to mitigate any security risks."

Tizen is currently running on more than 30 million Samsung Smart TVs and can also be found in the company's wearables and smartphones. The Tizen OS will also be making its way into smart washing machines and refrigerators in the near future.

We reached out to our local Samsung representatives, who for now would like to reassure current and future users of Tizen OS-based products of their commitment to safety and security:

"Samsung Electronics takes security and privacy very seriously. We regularly check our systems and if at any time there is a credible potential vulnerability, we act promptly to investigate and resolve the issue. We continually provide software updates to consumers to safeguard their products."

Source: motherboard.vice via SamMobile