Samsung's Version Of Tizen May Be Massively Insecure


Samsung is using a heavily modified version of the open-source Tizen OS in a ton of different use cases that would call for powerful security, but a recent poke around the code by a seasoned security expert shows an OS full of security holes and vulnerabilities that could open the door to all sorts of nasty exploits. The security expert in question, Equus Software's very own Amihai Neiderman, took a spin around Samsung's Tizen codebase and managed to find no fewer than 40 distinct exploitable bits of code, all of which can potentially be used to elevate privileges and run unsigned code. While these two exploit types are quite dangerous on their own, when combined they can hand over full control of the device to anybody who's willing to take it.

Samsung has been making heavy use of Tizen in smart TVs, smartwatches like the Gear lineup, and even their Z smartphones in recent years, making these security concerns all the more egregious. To boot, all of them are "zero-day" exploits, meaning that the agency in charge of the code, in this case Samsung, does not know of their presence. Neiderman, for his part, tore into the OS, calling it "…the worst code I've ever seen…", and saying that "…nobody with any understanding of security…" could possibly have been involved in this code's creation or review.

Tizen is not the first bit of IoT or mobile software to come under fire for a lack of security; smart locks that broadcast their password over Bluetooth in plain text, for example, have also raised eyebrows. This group of flaws in Tizen is, however, one of the biggest security problems in the sector right now due to the sheer scale of Samsung's sales numbers. They've managed to move millions of smart TVs packing Tizen, and the watches in their flagship Gear smartwatch lineup all sport Tizen OS in some form. Neiderman's crawl through the code revealed outdated bits of code and functions long since proven unsafe, as well as a good bit of code that seemed to be borrowed from older Samsung projects. It's unclear exactly how many of the security issues can be blamed on the vanilla, mostly community-maintained Tizen OS, and how many are strictly Samsung's fault.


Copyright ©2017 Android Headlines. All Rights Reserved.

Senior Staff Writer

Daniel has been writing for Android Headlines since 2015, and is one of the site's Senior Staff Writers. He's been living the Android life since 2010, and has been interested in technology of all sorts since childhood. His personal, educational and professional backgrounds in computer science, gaming, literature, and music leave him uniquely equipped to handle a wide range of news topics for the site. These include the likes of machine learning, voice assistants, and AI technology development news in the Android world.
