Samsung's Tizen OS is a hacker's dream, security researcher exposes 40 unknown vulnerabilities
Last month, whistle-blowing site WikiLeaks published thousands of documents which revealed the various methods that the CIA uses to break into electronic devices. Most of the hacking tools targeted smartphones and computers, but many people were surprised to find out that even Samsung Smart TVs are vulnerable.
However, the latest revelations from one Israeli security researcher suggest that your Smart TV isn't the only Samsung device that can be exploited. Amihai Neiderman, head of research at Equus Software, has discovered that the Tizen operating system, which is used on millions of Samsung smartphones, wearables, and other smart appliances, is chock-full of security holes.
The researcher discovered 40 zero-day vulnerabilities
The entire affair began when Neiderman purchased a Tizen-powered TV for his home. Upon discovering just how badly the code on his TV was written, the researcher decided to buy a bunch of Samsung smartphones that use the OS in order to test them out. Neiderman managed to detect 40 unknown vulnerabilities (also known as zero-days), which could allow someone to remotely hack any current or future device using Tizen. By comparison, the CIA hijack described in the WikiLeaks documents only worked on older Samsung Smart TVs and required an agent to physically install it on a television set via a USB stick.
According to Neiderman, much of Tizen's code base has been borrowed from Bada, an old Samsung mobile OS which was discontinued, but most of the vulnerabilities he located were in code that was specifically written for Tizen within the last two years.
Speaking to Vice's Motherboard, Neiderman described how "charmed" he was with his discovery:
"You can update a Tizen system with any malicious code you want"
Of all the security risks, Neiderman points out one particular design flaw as critical. It involves the Tizen Store, which is Samsung's alternative to Google Play. The researcher claims that a heap-overflow vulnerability in the app enabled him to hijack the software to deliver malicious code into his Samsung TV. As the Tizen Store possesses the highest privileges one can get on a device, it is a Holy Grail for any malicious party that can abuse it.
As you may know, Samsung sees Tizen as the primary way to reduce its reliance on Android. Although the tech giant has released a limited number of smartphones running the OS in countries like India and Russia, there is speculation that we might see the system being employed on a much broader basis in the near future. Neiderman says his recent discovery prompted Samsung to contact him, and he advises the company to reconsider the mass rollout of Tizen on phones before it has performed a major reconstruction of the code.