Samsung Tizen has 40 zero-day vulnerabilities, researcher warns

Samsung is increasingly using its Tizen platform on its connect devices, such as smart TVs, but that may not be a good thing from a security standpoint. According to Israeli researcher Amihai Neiderman, Tizen is a poorly created product with 40 previously unknown security vulnerabilities, ones that could allow hackers to relatively easily gain access to the connected devices and to take control of them. He goes so far as to say, "It may be the worse code I've ever seen."

The information comes from Vice's Motherboard, which spoke to Neiderman. According to the researcher, Tizen is a mess of mistakes both big and small. "Everything you can do wrong there, they do it. You can see that nobody with any understanding of security looked at this code or wrote it. It's like taking an undergraduate and letting him program your software."

That's a damning accusation for Samsung's platform, which is used in millions of smartphones and the company's Gear smartwatches, in addition to some IoT appliances. One example of the vulnerabilities, according to Neiderman, is an issue with the TizenStore that enabled him to send malicious code to his own Samsung smart TV. Other issues allow hackers to gain remote control, among other things.

Neiderman goes on to claim that Tizen uses some code from now-defunct Samsung mobile OS Bada, though it is the newer code that mostly contains the vulnerabilities. Some data isn't transmitted using SSL encryption, as well. The researcher contacted Samsung months ago and received only a boilerplate automated response. Once the news went public, however, Samsung stated it is working with Neiderman to address the issues.

SOURCE: Motherboard