Samsung's Tizen Android replacement riddled with security holes, claim researchers
Tizen might be "the worst code I've ever seen", claims Kaspersky security specialist
While Samsung's home-brewed Tizen operating system hasn't enjoyed the sort of full roll-out afforded to Android-based devices, Samsung has been slowly developing the platform and delivering it to smartwatches and televisions, as well as a few smartphones, in select countries.
However, Amihai Neiderman, a security researcher speaking at the Kaspersky Security Analyst Summit this week, claims that Tizen presents a significant security risk. It contains more than 40 known weaknesses, he claims, making it "maybe the worst code i've ever seen", according to Motherboard.
The number of security flaws all compromise the security of the devices they run on, but Neiderman says the TV implementation of the software is particularly poor, as the TizenStore module with the highest security privileges enables attackers to install any malicious software on demand, once the devices have been compromised.
One part of the problem is code being repurposed and re-used from earlier ‘Bada' projects, but Neiderman says that many of the more severe issues, which include buffer overrun exploits and incorrectly implemented encryption, are found in new code written in the last two years.
For Samsung, Tizen is its attempt to push beyond Google's Android confines for the future of its devices. It wants more control over both the hardware and software it creates, as well as higher profits from mobile and other devices.
But Neiderman argues that the South Korean company needs to reconsider a large-scale rollout of Tizen on smartphones until the overall security of the platform has been improved.
While it's worrying enough for Tizen-based TVs, putting an operating system on tens of millions of smartphones with these sorts of vulnerabilities could result in a lot of potential headaches for the company considering how much more personal info is stored on a phone compared to a TV.
Niederman says he tried to contact Samsung "months ago" but got a standard automated response.
Now it has all been blown into the open, Samsung couldn't be keener to re-assure customers.
In a statement to V3, the company said: "Samsung Electronics takes security and privacy very seriously. We regularly check our systems and, if at any time there is a credible potential vulnerability, we act promptly to investigate and resolve the issue.
"We continually provide software updates to consumers to safeguard their products. We are fully committed to cooperating with Mr. Amihai Neiderman, to mitigate any potential vulnerabilities.
"Through our Bug Bounty program and internal security safeguards, Samsung continuously patches any would-be vulnerabilities."
Further reading
V3 Latest
Latest Tesla news: Tesla stock price tanks amid reports of 'widening probe' by SEC and claims the base Model 3 loses money
SEC 'probe' takes its toll on Tesla as new research suggests that Tesla loses $6,000 on every $35,000 Model 3
Intel NUC latest news: Intel releases two new NUCs and five NUC kits
10nm Cannon Lake Core i3-8121U CPUs make a rare outing with Intel's NUC mini PC
Apple fanboy hacks company network - saves purloined files in folder called 'hacky hack hack'
'Notorious' Australian child hacker thought he had executed 'flawless' hack
Ex-employee accuses Tesla of spying on workers and ignoring drug cartel operating in Gigafactory
The former employee says that Tesla fired him for bringing the accusations to management internally
