A security researcher from Israel has found gaping holes in the security of Tizen, the operating system that Samsung uses for a variety of smart devices, including mobile phones, watches, and TVs.
Samsung has been working on Tizen for several years, but it seems that the operating system is still riddled with many flaws that hackers will be able to exploit.
What Is Samsung's Tizen OS?
Samsung created Tizen in its bid to lower its reliance on the Android operating system of Google. The operating system is currently found in about 30 million smart TVs, along with certain Samsung smartphones and the Gear smartwatches.
Samsung previously said that it is looking to release 10 million Tizen-powered smartphones into the market within the year and that the operating system would be the one used for its upcoming new line of smart refrigerators and washing machines.
What Are The Issues Of Tizen OS?
Equus Software research head Amihai Neiderman, in an interview with Motherboard before he discussed his research at the Security Analyst Summit of Kaspersky Lab, said that Tizen is probably "the worst code" that he has ever seen.
"Everything you can do wrong there, they do it. You can see that nobody with any understanding of security looked at this code or wrote it. It's like taking an undergraduate and letting him program your software," said Neiderman regarding Tizen.
According to Neiderman, all the vulnerabilities found in Tizen will allow hackers to gain control of a Samsung smart device through remote code execution, which means that the hackers will not even have to be physically near the target device.
Neiderman noted one security issue that was specifically critical involving the TizenStore, which is Samsung's version of Google's Play Store. According to the researcher, a flaw in the design of the app allowed him to take over the software and send malicious code to a Samsung TV. Due to the TizenStore operating on the highest possible privileges on a device, hackers who can abuse it will be able to deal massive damage, as they will be able to update malicious code into any Tizen device.
Will Samsung Fix Tizen's Problems?
According to Neiderman, while much of the code of Tizen was inherited from the predecessor projects of the operating system that was run by Samsung and Intel, most of the issues were introduced in the newer parts of its code.
When Neiderman first tried to contact Samsung about the issues, he initially received nothing but automated replies. However, since he went public with his discovery, Samsung said that it has committed to working with Neiderman to try to patch up the flaws.
Until then, users of Samsung devices that are powered by Tizen need to be extra careful if sensitive information is stored in the mobile phones or appliances. It is an even better idea to not store such data at all in Tizen-powered devices, especially after WikiLeaks also recently revealed that the CIA has created a hacking tool that targets Samsung smart TVs.