V3.co.uk

Samsung's Tizen Android replacement riddled with security holes, claim researchers

Tizen might be "the worst code I've ever seen", claims Kaspersky security specialist

Tizen logo
Tizen has more serious security holes than Android, claims Kaspersky
  • Ben Woods
0 Comments

While Samsung's home-brewed Tizen operating system hasn't enjoyed the sort of full roll-out afforded to Android-based devices, Samsung has been slowly developing the platform and delivering it to smartwatches and televisions, as well as a few smartphones, in select countries.

However, Amihai Neiderman, a security researcher speaking at the Kaspersky Security Analyst Summit this week, claims that Tizen presents a significant security risk. It contains more than 40 known weaknesses, he claims, making it "maybe the worst code i've ever seen", according to Motherboard.

The number of security flaws all compromise the security of the devices they run on, but Neiderman says the TV implementation of the software is particularly poor, as the TizenStore module with the highest security privileges enables attackers to install any malicious software on demand, once the devices have been compromised.

One part of the problem is code being repurposed and re-used from earlier ‘Bada' projects, but Neiderman says that many of the more severe issues, which include buffer overrun exploits and incorrectly implemented encryption, are found in new code written in the last two years.

For Samsung, Tizen is its attempt to push beyond Google's Android confines for the future of its devices. It wants more control over both the hardware and software it creates, as well as higher profits from mobile and other devices.

But Neiderman argues that the South Korean company needs to reconsider a large-scale rollout of Tizen on smartphones until the overall security of the platform has been improved.

While it's worrying enough for Tizen-based TVs, putting an operating system on tens of millions of smartphones with these sorts of vulnerabilities could result in a lot of potential headaches for the company considering how much more personal info is stored on a phone compared to a TV.

Niederman says he tried to contact Samsung "months ago" but got a standard automated response. 

Now it has all been blown into the open, Samsung couldn't be keener to re-assure customers. 

In a statement to V3, the company said: "Samsung Electronics takes security and privacy very seriously. We regularly check our systems and, if at any time there is a credible potential vulnerability, we act promptly to investigate and resolve the issue.

"We continually provide software updates to consumers to safeguard their products. We are fully committed to cooperating with Mr. Amihai Neiderman, to mitigate any potential vulnerabilities.

"Through our Bug Bounty program and internal security safeguards, Samsung continuously patches any would-be vulnerabilities."

Further reading

V3 Latest