Save up to $800 on Samsung Galaxy Tab S10

Samsung's Tizen OS is a hacker's dream, security researcher exposes 40 unknown vulnerabilities

By
23comments
Google News Follow
Follow us on Google News
Samsung Tizen

Last month, whistle-blowing site WikiLeaks published thousands of documents which revealed the various methods that the CIA uses to break into electronic devices. Most of the hacking tools targeted smartphones and computers, but many people were surprised to find out that even Samsung Smart TVs are open to vulnerabilities.

However, the latest revelations from one Israeli security researcher suggest that your Smart TV isn't the only Samsung device that can be exploited. Amihai Neiderman, head of research at Equus Software, has discovered that the Tizen operating system which is used on millions of Samsung smartphones, wearables, and other smart appliances is chock-full of security holes.

The researcher discovered 40 zero-day vulnerabilities

The entire affair began when Neiderman purchased a Tizen-powered TV for his home. Upon discovering just how badly the code on his TV was written, the researcher decided to buy a bunch of Samsung smartphones that use the OS in order to test them out. Neiderman managed to detect 40 unknown vulnerabilities (also known as zero-days), which could allow someone to remotely hack any current or future device using Tizen. By comparison, the CIA hijack described in the WikiLeaks documents only worked on older Samsung Smart TVs and required an agent to physically install it on a television set via a USB stick.

According to Neiderman, much of Tizen's code base has been borrowed by Bada, an old Samsung mobile OS which was discontinued, but most of the vulnerabilities he located were from code that was specifically written for Tizen within the last two years.

Speaking to Vice's Motherboard, Neiderman described how "charmed" he was with his discovery:

It may be the worst code I’ve ever seen.Everything you can do wrong there, they do it. You can see that nobody with any understanding of security looked at this code or wrote it. It’s like taking an undergraduate and letting him program your software...You can update a Tizen system with any malicious code you want.

"You can update a Tizen system with any malicious code you want"

Of all the security risks, Neiderman points out one particular design flaw as critical. It involves the Tizen Store, which is Samsung's alternative to Google Play. The researcher claims that a heap-overflow vulnerability in the app enabled him to hijack the software to deliver malicious code into his Samsung TV. As the Tizen Store possesses the highest privileges one can get on a device, it is a Holy Grail for any malicious party that can abuse it.

Recommended Stories

As you may know, Samsung sees Tizen as the primary way to reduce its reliance on Android. Although the tech giant has released a limited number of smartphones running the OS in countries like India and Russia, there are speculations that we might see the system being employed on a much broader basis in the near future. Neiderman says his recent discovery prompted Samsung to contact him, and advises the company to reconsider the mass implementation of Tizen to phones before performing a major reconstruction of the code.

source: Motherboard

Recommended Stories

Loading Comments...

Popular stories

Three changes coming to Google Messages to kick the texting experience up a notch
Three changes coming to Google Messages to kick the texting experience up a notch
T-Mobile and SpaceX's direct-to-cell service is suddenly so much more exciting
T-Mobile and SpaceX's direct-to-cell service is suddenly so much more exciting
The dream smartphone will finally become reality in 2025
The dream smartphone will finally become reality in 2025
Upcoming T-Mobile Tuesdays gift might be this season's comfiest accessory
Upcoming T-Mobile Tuesdays gift might be this season's comfiest accessory
Best Buy is incredibly selling the Moto G Play (2024) for $9.99 with (almost) no strings attached
Best Buy is incredibly selling the Moto G Play (2024) for $9.99 with (almost) no strings attached
New Google Messages feature to allow users to choose custom images for contacts
New Google Messages feature to allow users to choose custom images for contacts

Latest News

The rugged Garmin Instinct 2S Camo Edition enjoys a huge $120 discount at Amazon
The rugged Garmin Instinct 2S Camo Edition enjoys a huge $120 discount at Amazon
After a massive $130 discount, the sleek Galaxy Watch 6 Classic becomes a real gem on Amazon
After a massive $130 discount, the sleek Galaxy Watch 6 Classic becomes a real gem on Amazon
Destiny: Rising mobile game soft-launched in select countries
Destiny: Rising mobile game soft-launched in select countries
Realme GT 7 Pro debuts packed with power and ready for action with underwater photography
Realme GT 7 Pro debuts packed with power and ready for action with underwater photography
Xiaomi 14T Pro PhoneArena Camera score: Mr. Average
Xiaomi 14T Pro PhoneArena Camera score: Mr. Average
Doorbuster promo at Lenovo lands the Lenovo Tab Plus at its lowest price so far
Doorbuster promo at Lenovo lands the Lenovo Tab Plus at its lowest price so far
FCC OKs Cingular\'s purchase of AT&T Wireless