
Security expert: Samsung's Tizen operating system is a hacker's dream

Tizen, Samsung’s open-source operating system, is riddled with vulnerabilities. That’s according to Motherboard, which spoke with an Israel-based Tizen security expert.

Samsung’s Tizen contains as many as 40 unknown bugs, or zero-days, that could allow a cyber criminal to hack devices without needing to physically access them. “It may be the worst code I’ve ever seen,” Amihai Neiderman, a Kaspersky Labs researcher, told Motherboard. “Everything you can do wrong there, they do it. You can see that nobody with any understanding of security looked at this code or wrote it.”

One security flaw involving TizenStore, Tizen’s app store, could let a hacker pack malicious code with a software update. TizenStore takes measures to ensure that only verified software is installed on Tizen devices, but those measures can be overridden. “You can update a Tizen system with any malicious code you want,” said Neiderman.

Another flaw involves a buffer overrun, a condition that occurs when the space to which data is being written is too small for the data. Tizen’s protections against it are insufficient, Neiderman said.

And Tizen failed to use encryption for secure connections when transmitting certain data. “They made a lot of wrong assumptions about where they needed encryption,” Neiderman told Motherboard.

The problem stems in part from unwieldy code. Neiderman told Motherboard that much of the Tizen code base is old and borrows from previous Samsung projects, including Bada, a discontinued mobile phone operating system. “You can see that they took all this code and tried to push it into Tizen,” he said.

That’s bad news. Samsung, in a long-running effort to reduce its reliance on Google’s Android operating system, is shipping a growing number of devices with Tizen.

“Tizen is going to be Samsung’s next biggest thing. We might see the new Galaxies running Tizen, it could happen that soon. But right now Tizen is not safe enough for that.”

Tizen powers more than 30 million of the company’s smart TVs, tens of millions of Samsung Gear smartwatches, and prototypical smart washing machines and refrigerators. And it’s in smartphones as well. Samsung has Tizen running on phones in countries like Russia, India, and Bangladesh, and plans to have 10 million Tizen phones in the market this year.

Samsung told Motherboard that it’s working with Neiderman to address the bugs. “We are fully committed to cooperating with Mr. Neiderman to mitigate any potential vulnerabilities. Through our SmartTV Bug Bounty program, Samsung is committed to working with security experts around the world to mitigate any security risks.”

Kyle Wiggers
Kyle Wiggers is a writer, Web designer, and podcaster with an acute interest in all things tech. When not reviewing gadgets…