Samsung’s TV & Watch OS Tizen bursting with zero-day vulnerabilities

Samsung’s TV & Watch OS Tizen bursting with zero-day vulnerabilities

Samsung's TV & Watch OS Tizen bursting with zero-day vulnerabilities

Upto 40 zero-day vulnerabilities have been discovered by a cyber security researcher on Tizen. This is the operating system that Samsung use on their smart televisions and smartwatches.

Samsung has opted to use its own home-grown Tizen operating system on its smart devices apart from phones over Google’s Android. There are further plans for the operating system to run on smart refrigerators and washing machines.

Israeli researcher Amihai Neiderman told Motherboard: ‘It may be the worst code I’ve ever seen,

‘Everything you can do wrong there, they do it. You can see that nobody with any understanding of security looked at this code or wrote it. It’s like taking an undergraduate and letting him program your software.’

Google Home, Amazon Echo or Hive: How safe is your data?

Of the 40-odd vulnerabilities that were found, Neiderman said that the worst was on TizenStore, which should in effect be the most secure. There is a critical design flaw on it that would allow potential hackers to hijack the software and inject malicious code onto TVs.

 

Old code on Tizen is to be blames, stuff that is reminiscent of Bada, an old mobile operating system that’s no longer in use.

“You can see that they took all this code and tried to push it into Tizen,” Neiderman adds. Other loopholes were present because there was no SSL encryption, and generic error within the codes that could have been put right with the right checks and balances in place.

While Samsung initially brushed the concerns off, they are now liaising with Neiderman to spot and patch the issues. In a statement, Samsung told Motherboard: [It is] ‘fully committed to cooperating with Mr. Neiderman to mitigate any potential vulnerabilities.’

Hacking a smart TV for dummies: a security expert demonstrates

Nikos Chrysaidos, Head of Mobile Threat Intelligence & Security at Avast said: ‘Tizen is a new Operating System (OS) launched by Samsung and as starts to gain publicity and get adopted, it is not only security researchers who will start looking at the code to identify vulnerabilities. With this OS already inside millions of smart TVs, mobile phones, fridges and smart watches, these vulnerabilities could also cause a new epidemic of Tizen-focused malware.  

Cybercriminals could also compromise the OS by creating malicious apps targeting the OS that they then list in the Tizen App Store. As a result, there is always going to be a potentially greater risk that a vulnerability exists or could be introduced by a third party developer for Samsung phones, than those run on other operating systems.”

Tizen currently runs on over 30 million devices and Samsung use the operating system on smartphones it sells in countries like India. Tizen is seen as Samsung’s principal asset in its reluctant Google dependancy. Samsung’s smartphones in the UK and US run on the latest version of Google’s Android platform.

Copyright Lyonsdown Limited 2021

Top Articles

The expert view: Accelerating the journey to the cloud

At a virtual seminar on 9 June 2021, sponsored by managed IT service provider Sungard Availability Services, eight senior IT decision makers gathered to discuss how organisations can accelerate their…

Ransomware attacks and the future role of the CISO - teissTalk

On 18 May, teissTalk host Jenny Radcliffe was joined by a panel of four cybersecurity experts in a wide-ranging discussion that covered government actions, ransomware attacks and the future of…

Communicating a Data Breach: Best Practices

When customers trust you with their personal data, they are expecting it to be protected. This means your response to a data breach is imperative and can make or break…

Related Articles

[s2Member-Login login_redirect=”https://www.teiss.co.uk” /]