Tizen is a hacker's dream

Adjust Comment Print

He said Tizen's code may be "the worst he'd ever seen" and that the people who wrote it "don't have any understanding of security". He added that it's surprising that "Everything you can do wrong there, they do it".

In an effort to draw developers' interest, Samsung recently announced it would give a $10,000 bonus to top Tizen apps at the end of each month. Using the store, Neiderman was able to deliver malicious code to his Samsung smart TV without much difficulty.

He revealed 40 previously unknown vulnerabilities in the software, which has been pushed by Samsung as it seeks to reduce its dependency on Google and Android.

But two separate and more recent demonstrations from security researchers have shown that Samsung users are more vulnerable than first believed. According to the Ars Technica, the OS is predominantly used in smart devices, but Samsung continues to dabble with it on smartphones.

He says much of the Tizen code base is old and borrows from previous Samsung coding projects, including Bada, a previous mobile phone operating system that Samsung discontinued. It's like taking an undergraduate and letting him program your software. He believes that numerous 40 flaws-called zero day exploits because there are no fixes and hackers could take advantage of them right now-were caused by Samsung coding errors that were never discovered in product testing.

With Tizen, which is an open source operating system based on Linux, Samsung is trying to offer an alternative OS to a market dominated by Google's Android and Apple's iOS. That might not be the case with a less popular operating system like Tizen.

Birth Defects Strike 1 in 10 U.S. Pregnancies Affected by Zika
Because of limitations of testing, only tests done within the first few weeks of Zika can test specifically for the Zika virus. CDC experts published their findings today in a Vital Signs report in Morbidity and Mortality Weekly Report (MMWR ).

Samsung has relied heavily on its own OS rather than depend on Android, which has also had its fair share of bug reports in the past.

He also claims the flaws he discovered are present in devices far newer than those exploited by the Central Intelligence Agency, and believes the hacks could even be performed on Tizen devices yet to go on sale.

Tizen apps are authenticated before installation, Neiderman told Zetter, but an elementary attack known as a heap overflow lets you seize control before the authentication is enforced. Tizen's protections against it are insufficient, Neiderman said.

Fear factor: While we hear a lot about the security of our phones, we don't pay a lot of attention to the OSes on our other gadgets. Since this particular app can access and change any part of the system, a malicious hacker exploiting the flaw would have absolute and total control over your Tizen device.

This is bad news for Samsung as we all suspect they may want to eventually roll out Tizen to their Galaxy phones.

Samsung says it is "fully committed to cooperating with Mr. Neiderman to mitigate any potential vulnerabilities".

Comments