Up to 40 zero-day vulnerabilities have been discovered in Tizen by a cyber security researcher. Tizen is the operating system that Samsung uses on its smart televisions and smartwatches.
Samsung has opted to use its own home-grown Tizen operating system, rather than Google’s Android, on its smart devices apart from phones. There are further plans for the operating system to run on smart refrigerators and washing machines.
Israeli researcher Amihai Neiderman told Motherboard: ‘It may be the worst code I’ve ever seen.
‘Everything you can do wrong there, they do it. You can see that nobody with any understanding of security looked at this code or wrote it. It’s like taking an undergraduate and letting him program your software.’
Of the 40-odd vulnerabilities that were found, Neiderman said that the worst was in TizenStore, which should in effect be the most secure component. It contains a critical design flaw that would allow potential hackers to hijack the software and inject malicious code onto TVs.
Old code in Tizen is to blame, some of it reminiscent of Bada, an old mobile operating system that’s no longer in use.
“You can see that they took all this code and tried to push it into Tizen,” Neiderman adds. Other loopholes were present because there was no SSL encryption, and because of generic errors within the code that could have been put right with the right checks and balances in place.
While Samsung initially brushed the concerns off, it is now liaising with Neiderman to spot and patch the issues. In a statement, Samsung told Motherboard that it is ‘fully committed to cooperating with Mr. Neiderman to mitigate any potential vulnerabilities.’
Nikos Chrysaidos, Head of Mobile Threat Intelligence & Security at Avast, said: ‘Tizen is a new Operating System (OS) launched by Samsung and as it starts to gain publicity and get adopted, it is not only security researchers who will start looking at the code to identify vulnerabilities. With this OS already inside millions of smart TVs, mobile phones, fridges and smart watches, these vulnerabilities could also cause a new epidemic of Tizen-focused malware.
‘Cybercriminals could also compromise the OS by creating malicious apps targeting the OS that they then list in the Tizen App Store. As a result, there is always going to be a potentially greater risk that a vulnerability exists or could be introduced by a third-party developer for Samsung phones than those run on other operating systems.’
Tizen currently runs on over 30 million devices, and Samsung uses the operating system on smartphones it sells in countries like India. Tizen is seen as Samsung’s principal asset in its reluctant dependency on Google. Samsung’s smartphones in the UK and US run on the latest version of Google’s Android platform.