Samsung's Tizen Android replacement riddled with security holes, claim researchers
Tizen might be "the worst code I've ever seen", claims Kaspersky security specialist
While Samsung's home-brewed Tizen operating system hasn't enjoyed the sort of full roll-out afforded to Android-based devices, Samsung has been slowly developing the platform and delivering it to smartwatches and televisions, as well as a few smartphones, in select countries.
However, Amihai Neiderman, a security researcher speaking at the Kaspersky Security Analyst Summit this week, claims that Tizen presents a significant security risk. It contains more than 40 known weaknesses, he claims, making it "maybe the worst code i've ever seen", according to Motherboard.
The number of security flaws all compromise the security of the devices they run on, but Neiderman says the TV implementation of the software is particularly poor, as the TizenStore module with the highest security privileges enables attackers to install any malicious software on demand, once the devices have been compromised.
One part of the problem is code being repurposed and re-used from earlier ‘Bada' projects, but Neiderman says that many of the more severe issues, which include buffer overrun exploits and incorrectly implemented encryption, are found in new code written in the last two years.
For Samsung, Tizen is its attempt to push beyond Google's Android confines for the future of its devices. It wants more control over both the hardware and software it creates, as well as higher profits from mobile and other devices.
But Neiderman argues that the South Korean company needs to reconsider a large-scale rollout of Tizen on smartphones until the overall security of the platform has been improved.
While it's worrying enough for Tizen-based TVs, putting an operating system on tens of millions of smartphones with these sorts of vulnerabilities could result in a lot of potential headaches for the company considering how much more personal info is stored on a phone compared to a TV.
Niederman says he tried to contact Samsung "months ago" but got a standard automated response.
Now it has all been blown into the open, Samsung couldn't be keener to re-assure customers.
In a statement to V3, the company said: "Samsung Electronics takes security and privacy very seriously. We regularly check our systems and, if at any time there is a credible potential vulnerability, we act promptly to investigate and resolve the issue.
"We continually provide software updates to consumers to safeguard their products. We are fully committed to cooperating with Mr. Amihai Neiderman, to mitigate any potential vulnerabilities.
"Through our Bug Bounty program and internal security safeguards, Samsung continuously patches any would-be vulnerabilities."
Further reading
V3 Latest
First plant to grow on the Moon, err, dies
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite news and updates: Fortnite made $2.4bn in 2018, according to SuperData
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Japanese firm sends micro-satellites into space to deliver artificial meteor showers on demand
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago