Security expert: Samsung's Tizen operating system is a hacker's dream

tizen security multiple exploits os samsung suwon south korea 4 1500x1000
Tizen, Samsung’s open-source operating system, is riddled with vulnerabilities. That’s according to Motherboard, which spoke with an Israel-based Tizen security expert.

Samsung’s Tizen contains as many as 40 unknown bugs, or zero-days, that could allow a cyber criminal to hack devices without needing to physically access them. “It may be the worst code I’ve ever seen,” Amihai Neiderman, a Kaspersky Labs researcher, told Motherboard. “Everything you can do wrong there, they do it. You can see that nobody with any understanding of security looked at this code or wrote it.”

One security flaw involving TizenStore, Tizen’s app store, could let a hacker pack malicious code with a software update. TizenStore takes measures to ensure that only verified software is installed on Tizen devices, but those measures can be overridden. “You can update a Tizen system with any malicious code you want,” said Neiderman.

Another flaw exploits buffer overrun, a condition that occurs when the space to which data is being written is too small for the data. Tizen’s protections against it are insufficient, Neiderman said.

And Tizen failed to use encryption for secure connections when transmitting certain data. “They made a lot of wrong assumptions about where they needed encryption,” Neiderman told Motherboard.

The problem stems in part from unwieldy code. Neiderman told Motherboard that much of the Tizen code base is old and borrows from previous Samsung projects, including Bada, a discontinued mobile phone operating system. “You can see that they took all this code and tried to push it into Tizen,” he said.

That’s bad news. Samsung, in a long-running effort to reduce its reliance on Google’s Android operating system, is shipping a growing number of devices with Tizen.

“Tizen is going to be Samsung’s next biggest thing. We might see the new Galaxies running Tizen, it could happen that soon. But right now Tizen is not safe enough for that.”

Tizen powers more than 30 million of the company’s smart TVs, tens of millions of Samsung Gear smartwatches, and prototypical smart washing machines and refrigerators. And it’s in smartphones as well. Samsung has Tizen running on phones in countries like Russia, India, and Bangladesh, and plans to have 10 million Tizen phones in the market this year.

Samsung told Motherboard that it’s working with Niederman to address the bugs. “We are fully committed to cooperating with Mr. Neiderman to mitigate any potential vulnerabilities. Through our SmarTV Bug Bounty program, Samsung is committed to working with security experts around the world to mitigate any security risks.”

Mobile

Google insists it’s doing what it can to purge Play Store of malicious apps

Google's efforts to provide a secure and safe Play Store for Android users resulted in the company rejecting 55 percent more app submissions in 2018 compared to a year earlier. But the challenge is ongoing.
Computing

Enjoy Windows on a Chromebook with these great tips and tricks

If you want to push the functionality of your new Chromebook to another level, and Linux isn't really your deal, you can try installing Windows on a Chromebook. Here's how to do so in case you're looking to nab some Windows-only software.
Mobile

It hasn't even been announced yet, but you can already reserve the Galaxy S10

It won't be long now. With 2019 underway, the Samsung Galaxy S10 is almost here. Before it arrives, here's absolutely everything you need to know about all three of Samsung's next flagships.
Mobile

Allstate’s SquareTrade buys phone repair service iCracked

Allstate may be looking to diversify its service a little. The company announced that SquareTrade, a company Allstate owns, is buying iCracked, a popular phone repair service that currently operates in more than 60 cities.
Mobile

Worried about extra data charges? Here's how to check your usage on an iPhone

It's common to get a little nervous about nearing data limits. Keep your peace of mind by checking how much data your iPhone is using. Our guide on how to check data usage on an iPhone helps you stay in control.
Mobile

North Focals smartglasses discount cuts the price by a massive $400

Canadian startup North is hoping smartglasses will be the next big wearable. After announcing its new Focals smartglasses in late 2018, the company opened product showrooms in Brooklyn and Toronto and has made its first shipment.
Mobile

Exclusive: Take a look at what a next-generation 5G phone will look like

With 5G phones debuting at MWC in mere days, there is discussion about whether they will be clunky bricks that die after a few hours? A reference design from Qualcomm offerrs a glimpse of the future: This is what 5G phones will look like.
Mobile

New Apple patent hints clamshell-style foldable phone may be in the works

Apple has filed a patent for a foldable phone that suggests the company could be following in the footsteps of the likes of Samsung and Huawei. The patent describes a clamshell-style foldable phone with two separate sections.
Mobile

Xiaomi Mi 9 will be one of the first phones with monster Snapdragon 855 chip

Xiaomi's next major smartphone release will be the Mi 9, and the company hasn't held back in giving us a good look at the phone, revealing the design, the camera, and a stunning color.
Wearables

Galaxy Watch Active isn't official yet, but you can see it in Samsung's own app

Samsung may be about to resurrect its Sport line of smartwatches under a new name: The Galaxy Watch Sport Active. Leaks and rumors are building our picture of the device at the moment.
Mobile

Stop buying old tablets, says Samsung, buy the new Galaxy Tab S5e instead

Samsung has launched the Galaxy Tab S5e -- the E is for Essential -- a reasonably priced tablet that includes many of the features we like from the Tab A 10.5, and the Tab S4. Here's what you need to know.
Mobile

Bag yourself a bargain with the best budget tablets under $200

The battle for your budget tablet affections is really ramping up. Which tablet, costing less than $200, should be commanding your attention? We take a look at some different options for the budget-conscious.
Computing

What is Wi-Fi 6? Here's a look at the next evolution of the wireless standard

We're exploring the new naming convention for wireless standards, how it affects the devices you buy, and what the upcoming Wi-Fi generation is changing for the better.
Home Theater

Samsung accidentally leaks its new Galaxy Buds ahead of launch

It's been all but certain that Samsung would launch a successor to its Gear IconX wireless earbuds soon, but a newly leaked photo and recent FCC certification document seems to indicate that the debut is very close.