Samsung's Tizen Massive Code Error Poses Security Risks To Your Devices

Ken Copeland
April 6, 2017

You can see that nobody with any understanding of security looked at this code and wrote it. "They made a lot of wrong assumptions about where they needed encryption", Neiderman notes.

When it was revealed that the US Central Intelligence Agency (CIA) was able to monitor people through their smart Samsung televisions, some small sense of relief was to be found in the fact that any such operation required physical access to an older model from the South Korean manufacturer.

For Samsung, Tizen is its attempt to push beyond Google's Android confines for the future of its devices.

Earlier last month, another security researcher reported that the company was leaking the data of customers who were buying Samsung TVs through its online store.

While much of the code is inherited from Tizen's Intel and Samsung predecessor projects, Neiderman says that most of the flaws he found were in the newer code. According to him, Samsung's app store, TizenStore, has a design flaw that allowed him to hijack the software to deliver malicious code to a Samsung TV.

Security researcher Amihai Neiderman of Equus Software told Motherboard that there are 40 unreported security vulnerabilities that would allow remote execution and hacking of every Samsung TV, watch or phone that is based on Tizen. The Israeli researcher found no fewer than 40 previously unknown zero-day vulnerabilities in Tizen.

You can't use hardware without having software on it, and Samsung has been trying to use Tizen to reduce its heavy reliance on the Android platform, which belongs to Google. Since TizenStore has the highest privileges you can get on a device, a hacker could make it do whatever they wanted. The CIA-related documents uploaded by WikiLeaks prove to everyone that Tizen is not yet ready to replace Android on Samsung's flagship smartphones.

Tizen apps are authenticated before installation, Neiderman told Zetter, but an elementary attack known as a heap overflow lets you seize control before the authentication is enforced. He concluded that with the OS, it's extremely easy for malicious code to be uploaded into the Tizen system.

IBTimes UK has contacted Samsung and will update this article when we receive a reply.

"It looks like Samsung is planning something big for Tizen", Neiderman said. "We might see the new Galaxy [smartphones] running Tizen, it could happen that soon."

Consumers should be concerned about the vulnerabilities Neiderman discovered in Tizen, maintained James Scott, a senior fellow with the Institute for Critical Infrastructure Technology. "We are fully committed to cooperating with Mr. Neiderman to mitigate any potential vulnerabilities", the statement reads.
