Great Moto G Stylus deal on Amazon!

Samsung's Tizen OS is a hacker's dream, security researcher exposes 40 unknown vulnerabilities

By
23comments
Samsung Tizen

Last month, whistle-blowing site WikiLeaks published thousands of documents which revealed the various methods that the CIA uses to break into electronic devices. Most of the hacking tools targeted smartphones and computers, but many people were surprised to find out that even Samsung Smart TVs are open to vulnerabilities.

However, the latest revelations from one Israeli security researcher suggest that your Smart TV isn't the only Samsung device that can be exploited. Amihai Neiderman, head of research at Equus Software, has discovered that the Tizen operating system which is used on millions of Samsung smartphones, wearables, and other smart appliances is chock-full of security holes.

The researcher discovered 40 zero-day vulnerabilities

The entire affair began when Neiderman purchased a Tizen-powered TV for his home. Upon discovering just how badly the code on his TV was written, the researcher decided to buy a bunch of Samsung smartphones that use the OS in order to test them out. Neiderman managed to detect 40 unknown vulnerabilities (also known as zero-days), which could allow someone to remotely hack any current or future device using Tizen. By comparison, the CIA hijack described in the WikiLeaks documents only worked on older Samsung Smart TVs and required an agent to physically install it on a television set via a USB stick.

According to Neiderman, much of Tizen's code base has been borrowed by Bada, an old Samsung mobile OS which was discontinued, but most of the vulnerabilities he located were from code that was specifically written for Tizen within the last two years.

Recommended Stories
Speaking to Vice's Motherboard, Neiderman described how "charmed" he was with his discovery:

It may be the worst code I’ve ever seen.Everything you can do wrong there, they do it. You can see that nobody with any understanding of security looked at this code or wrote it. It’s like taking an undergraduate and letting him program your software...You can update a Tizen system with any malicious code you want.

"You can update a Tizen system with any malicious code you want"

Of all the security risks, Neiderman points out one particular design flaw as critical. It involves the Tizen Store, which is Samsung's alternative to Google Play. The researcher claims that a heap-overflow vulnerability in the app enabled him to hijack the software to deliver malicious code into his Samsung TV. As the Tizen Store possesses the highest privileges one can get on a device, it is a Holy Grail for any malicious party that can abuse it.


As you may know, Samsung sees Tizen as the primary way to reduce its reliance on Android. Although the tech giant has released a limited number of smartphones running the OS in countries like India and Russia, there are speculations that we might see the system being employed on a much broader basis in the near future. Neiderman says his recent discovery prompted Samsung to contact him, and advises the company to reconsider the mass implementation of Tizen to phones before performing a major reconstruction of the code.

source: Motherboard

Recommended Stories

Loading Comments...

Popular stories

T-Mobile is now going to dictate where you can use its 5G internet
T-Mobile is now going to dictate where you can use its 5G internet
Samsung's killer Galaxy Watch 6 Classic trade-in deal comes just in time for Mother's Day
Samsung's killer Galaxy Watch 6 Classic trade-in deal comes just in time for Mother's Day
Apple signals the imminent release of the iPad Air (2024) and iPad Pro (2024)
Apple signals the imminent release of the iPad Air (2024) and iPad Pro (2024)
The speedy iPad Mini 2021 is even sweeter than usual after a lovely discount on Amazon
The speedy iPad Mini 2021 is even sweeter than usual after a lovely discount on Amazon
Verizon customers need to be on red alert as a phishing campaign aims to steal their money
Verizon customers need to be on red alert as a phishing campaign aims to steal their money
Apple Watch X render shows new magnetic band mechanism that could lead to longer battery life
Apple Watch X render shows new magnetic band mechanism that could lead to longer battery life

Latest News

T-Mobile confirms major 5G network upgrades in Louisiana
T-Mobile confirms major 5G network upgrades in Louisiana
Apple needs a $250 iPhone to boost sales but it doesn't want to make "stripped-down, lousy products"
Apple needs a $250 iPhone to boost sales but it doesn't want to make "stripped-down, lousy products"
Grab the smaller-sized Galaxy Watch 6 at bargain prices through Amazon's deal
Grab the smaller-sized Galaxy Watch 6 at bargain prices through Amazon's deal
Galaxy S21 and S22 owners facing green line issue will get free screen replacement in one country
Galaxy S21 and S22 owners facing green line issue will get free screen replacement in one country
AT&T's first kid-friendly tablet is here with a fun design and great price
AT&T's first kid-friendly tablet is here with a fun design and great price
LeBron James may have leaked Apple's next big Beats product
LeBron James may have leaked Apple's next big Beats product
FCC OKs Cingular\'s purchase of AT&T Wireless