Save up to $1,100 on Galaxy S24 Ultra!
Amazon Black Friday is here
The Amazon Black Friday deals are here early, enjoy the best discounts of the year now.
00 days
00 hrs
00 mins

Samsung's Tizen OS is a hacker's dream, security researcher exposes 40 unknown vulnerabilities

By
23comments
Google News Follow
Follow us on Google News
Samsung Tizen

Last month, whistle-blowing site WikiLeaks published thousands of documents which revealed the various methods that the CIA uses to break into electronic devices. Most of the hacking tools targeted smartphones and computers, but many people were surprised to find out that even Samsung Smart TVs are open to vulnerabilities.

However, the latest revelations from one Israeli security researcher suggest that your Smart TV isn't the only Samsung device that can be exploited. Amihai Neiderman, head of research at Equus Software, has discovered that the Tizen operating system which is used on millions of Samsung smartphones, wearables, and other smart appliances is chock-full of security holes.

The researcher discovered 40 zero-day vulnerabilities

The entire affair began when Neiderman purchased a Tizen-powered TV for his home. Upon discovering just how badly the code on his TV was written, the researcher decided to buy a bunch of Samsung smartphones that use the OS in order to test them out. Neiderman managed to detect 40 unknown vulnerabilities (also known as zero-days), which could allow someone to remotely hack any current or future device using Tizen. By comparison, the CIA hijack described in the WikiLeaks documents only worked on older Samsung Smart TVs and required an agent to physically install it on a television set via a USB stick.

According to Neiderman, much of Tizen's code base has been borrowed by Bada, an old Samsung mobile OS which was discontinued, but most of the vulnerabilities he located were from code that was specifically written for Tizen within the last two years.

Speaking to Vice's Motherboard, Neiderman described how "charmed" he was with his discovery:

It may be the worst code I’ve ever seen.Everything you can do wrong there, they do it. You can see that nobody with any understanding of security looked at this code or wrote it. It’s like taking an undergraduate and letting him program your software...You can update a Tizen system with any malicious code you want.

"You can update a Tizen system with any malicious code you want"

Of all the security risks, Neiderman points out one particular design flaw as critical. It involves the Tizen Store, which is Samsung's alternative to Google Play. The researcher claims that a heap-overflow vulnerability in the app enabled him to hijack the software to deliver malicious code into his Samsung TV. As the Tizen Store possesses the highest privileges one can get on a device, it is a Holy Grail for any malicious party that can abuse it.

Recommended Stories

As you may know, Samsung sees Tizen as the primary way to reduce its reliance on Android. Although the tech giant has released a limited number of smartphones running the OS in countries like India and Russia, there are speculations that we might see the system being employed on a much broader basis in the near future. Neiderman says his recent discovery prompted Samsung to contact him, and advises the company to reconsider the mass implementation of Tizen to phones before performing a major reconstruction of the code.

source: Motherboard

Recommended Stories

Loading Comments...

Popular stories

T-Mobile introduces welcome change for iPhone users
T-Mobile introduces welcome change for iPhone users
Time has come to say goodbye to T-Mobile app after 12 years
Time has come to say goodbye to T-Mobile app after 12 years
AT&T wants to shut down a network with only 52 users (UPDATE: AT&T responds)
AT&T wants to shut down a network with only 52 users (UPDATE: AT&T responds)
People are hearing voices coming from their iPhone
People are hearing voices coming from their iPhone
This better not be happening: YouTube Premium users are seeing ads
This better not be happening: YouTube Premium users are seeing ads
T-Mobile proves its mettle against Verizon and AT&T by doing for customers what rivals were unable to
T-Mobile proves its mettle against Verizon and AT&T by doing for customers what rivals were unable to

Latest News

Amazon slashes the 512GB Galaxy S24 Ultra by $350 for Black Friday, making it a can't-miss offer
Amazon slashes the 512GB Galaxy S24 Ultra by $350 for Black Friday, making it a can't-miss offer
Surprise Amazon Black Friday deal slashes more than $250 off the cheapest Pixel 9 model
Surprise Amazon Black Friday deal slashes more than $250 off the cheapest Pixel 9 model
Sizzling hot Black Friday 2024 deal makes Apple's 2022 iPad cheaper than ever before
Sizzling hot Black Friday 2024 deal makes Apple's 2022 iPad cheaper than ever before
Oppo Find X8 Series goes global with new Hasselblad camera system, ColorOS 15
Oppo Find X8 Series goes global with new Hasselblad camera system, ColorOS 15
T-Mobile proves its mettle against Verizon and AT&T by doing for customers what rivals were unable to
T-Mobile proves its mettle against Verizon and AT&T by doing for customers what rivals were unable to
Apple releases iPhone and iPad security updates you should install ASAP
Apple releases iPhone and iPad security updates you should install ASAP
FCC OKs Cingular\'s purchase of AT&T Wireless