Short Bytes: There's a good chance you've heard about Samsung’s Android replacement, Tizen OS. Recently, an Israeli researcher uncovered 40 zero-days in this Linux-based open-source OS. As most of the flaws can enable remote code execution, they are very critical. While Samsung refused to acknowledge the findings initially, it has recently promised to mitigate the flaws.
It’s no secret that Samsung is placing its bets on the Linux-based Tizen OS and developing it as an Android replacement. But Samsung’s Tizen efforts appear to have experienced a setback, as an Israeli researcher has found 40 new zero-day vulnerabilities.
The researcher, Amihai Neiderman, stresses that these vulnerabilities are very critical and have the potential to open a door to remote code execution. Using such flaws, a hacker can do almost anything without accessing the device.
Talking to Motherboard, Neiderman said, “It may be the worst code I’ve ever seen.” He further bashed Samsung by saying that the programmers who wrote the code appear to have no understanding of security. “It’s like taking an undergraduate and letting him program your software,” he added.
Neiderman particularly highlighted a flaw in Samsung’s TizenStore app, which is Samsung’s version of the Google Play Store. Apps and updates are delivered to Tizen devices through TizenStore. This app operates with the highest privileges, and Neiderman was able to exploit it and send malicious code to his Samsung TV.
It was also found that Samsung didn’t use SSL encryption for securing data while communicating.
As for the user base, Tizen OS currently runs on 21 million Samsung Smart TVs. It powers the Samsung Z1, Z2, and Z3 smartphones, which are mainly sold in India. It can also be found in Samsung’s other home appliances and wearables, such as Gear smartwatches, air conditioners, vacuum cleaners, refrigerators, washing machines, etc.
Compared to iOS and Android, Tizen isn’t widely used. This has allowed Samsung to get away with such flaws.
Neiderman said that he had contacted Samsung months ago, but the company didn’t reply. When this issue was highlighted by tech publications, Samsung said that it’s fully committed to mitigating the flaws.
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held cyber security researcher positions within a variety of cyber security start-ups. She also has experience in different industry domains like finance, healthcare and consumer products.