Samsung Tizen: 40 Zero Days Found by Researcher

Lynne Hanson
April 6, 2017

"You can see that nobody with any understanding of security looked at this code or wrote it". He added that it's surprising that "everything you can do wrong there, they do it".

The entire world was shocked when WikiLeaks published the Central Intelligence Agency exploit documents, which showed how the agency was able to forcefully access and steal information from a number of operating systems, including Samsung's smart TV OS. Tizen contains more than 40 known weaknesses, Neiderman claims, making it "maybe the worst code I've ever seen", according to Motherboard. The biggest concern, however, came with the lax security used on Samsung's own TizenStore app. Neiderman was able to use the app as a conduit to deliver malicious payloads, giving him full control over Tizen. Surely the South Korean company will be capable of finding someone other than an "undergraduate" coder.

But two separate and more recent demonstrations from security researchers have shown that Samsung users are more vulnerable than first believed.

Neiderman states that these vulnerabilities are found across all form factors using Tizen, including TVs, smartwatches, and even phones.

Neiderman said that much of Tizen's code comes from old projects, including Samsung's discontinued Bada operating system.


According to a report in Motherboard, a researcher in Israel found 40 unknown security holes in Samsung's operating system that would let a hacker get remote access to millions of Samsung Electronics' newer TVs, smartwatches and mobile phones, both those on the market and those that will be released in the near future. Since the TizenStore app can access and change any part of the system, a malicious hacker exploiting the flaw would have absolute and total control over your Tizen device. He believes that many of the 40 flaws, called zero-day exploits because there are no fixes and hackers could take advantage of them right now, were caused by Samsung coding errors that were never discovered in product testing. Built on a Linux kernel like Android, and running on C++ and HTML5, Tizen was developed with a large chunk of open source software running on top. Many developers use alternative functions entirely in order to avoid these risks, but Tizen developers are "using it everywhere".

Yes, the heading says Gear S3, but that is not the only device running Tizen; it is the most relevant to us here at Ausdroid at the moment.

All operating systems are open to bugs and vulnerabilities. One example in Tizen is that it does not require the use of the SSL protocol in all of its secure data transmissions. "We regularly check our systems and if at any time there is a credible potential vulnerability, we act promptly to investigate and resolve the issue", Samsung said in a statement provided to LinuxInsider by spokesperson Danielle Meister Cohen.

If Neiderman reveals the details of this method of attack in his presentation, owners of Tizen-powered devices may want to take them offline until the vulnerability is fixed.
