Samsung's Tizen OS has 40 zero-day vulnerabilities

By Bryan Chan & Cookie Monster - on 5 Apr 2017, 9:47am

Samsung's Tizen OS, which is widely believed to be an Android replacement for its devices in the future, needs a major overhaul of its code base due to serious security flaws.

Following reports that the CIA has tools to hack into Tizen-powered Samsung Smart TVs, Israeli researcher Amihai Neiderman carried out his own investigation and discovered 40 zero-day vulnerabilities in the code base. A zero-day vulnerability is a previously unknown flaw that hackers can take advantage of to plant a virus, Trojan horse or other malware.

What makes these vulnerabilities especially worrying is that hackers can take control of a Tizen-powered device via remote-code execution, without needing physical access to the device. The most critical vulnerability lies in the design of the Tizen Store, which allows hackers to deliver malicious code to Tizen devices.

Neiderman was very critical of the Tizen OS, which he described as outdated and borrowed from Bada OS. Most of the vulnerabilities were also found in code written within the past two years.

"It may be the worst code I've ever seen," he told Motherboard in advance of a talk about his research that he is scheduled to deliver at Kaspersky Lab's Security Analyst Summit on the island of St. Maarten on Monday. "Everything you can do wrong there, they do it. You can see that nobody with any understanding of security looked at this code or wrote it. It's like taking an undergraduate and letting him program your software."

He tried contacting Samsung a few months ago, but only got an automated email reply. Only after news of these vulnerabilities broke did Samsung send the following statement:

"We are fully committed to cooperating with Mr. Neiderman to mitigate any potential vulnerabilities. Through our SmartTV Bug Bounty program, Samsung is committed to working with security experts around the world to mitigate any security risks."

Tizen is currently running on more than 30 million Samsung Smart TVs and can also be found in the company's wearables and smartphones. The Tizen OS will also be making its way into smart washing machines and refrigerators in the near future.

Source: motherboard.vice via SamMobile