Security expert: Samsung's Tizen operating system is a hacker's dream

Tizen, Samsung’s open-source operating system, is riddled with vulnerabilities. That’s according to Motherboard, which spoke with an Israel-based Tizen security expert.

Samsung’s Tizen contains as many as 40 unknown bugs, or zero-days, that could allow a cyber criminal to hack devices without needing to physically access them. “It may be the worst code I’ve ever seen,” Amihai Neiderman, a Kaspersky Labs researcher, told Motherboard. “Everything you can do wrong there, they do it. You can see that nobody with any understanding of security looked at this code or wrote it.”

One security flaw involving TizenStore, Tizen’s app store, could let a hacker pack malicious code with a software update. TizenStore takes measures to ensure that only verified software is installed on Tizen devices, but those measures can be overridden. “You can update a Tizen system with any malicious code you want,” said Neiderman.

Another flaw involves a buffer overrun, a condition that occurs when data is written to a space too small to hold it. Tizen’s protections against it are insufficient, Neiderman said.

And Tizen failed to use encryption for secure connections when transmitting certain data. “They made a lot of wrong assumptions about where they needed encryption,” Neiderman told Motherboard.

The problem stems in part from unwieldy code. Neiderman told Motherboard that much of the Tizen code base is old and borrows from previous Samsung projects, including Bada, a discontinued mobile phone operating system. “You can see that they took all this code and tried to push it into Tizen,” he said.

That’s bad news. Samsung, in a long-running effort to reduce its reliance on Google’s Android operating system, is shipping a growing number of devices with Tizen.

“Tizen is going to be Samsung’s next biggest thing. We might see the new Galaxies running Tizen, it could happen that soon. But right now Tizen is not safe enough for that.”

Tizen powers more than 30 million of the company’s smart TVs, tens of millions of Samsung Gear smartwatches, and prototypical smart washing machines and refrigerators. And it’s in smartphones as well. Samsung has Tizen running on phones in countries like Russia, India, and Bangladesh, and plans to have 10 million Tizen phones in the market this year.

Samsung told Motherboard that it’s working with Neiderman to address the bugs. “We are fully committed to cooperating with Mr. Neiderman to mitigate any potential vulnerabilities. Through our SmartTV Bug Bounty program, Samsung is committed to working with security experts around the world to mitigate any security risks.”

Kyle Wiggers
Former Digital Trends Contributor
Kyle Wiggers is a writer, Web designer, and podcaster with an acute interest in all things tech. When not reviewing gadgets…