Published in Mobiles

Tizen is a hacker's dream

by on 04 April 2017


Tame Apple Press rejoices


The Tame Apple Press is doing its best to dig up negative stories about Samsung lately after the outfit released a phone which is much better and cheaper than the iPhone 7.

However, it seems to have a point about Samsung’s new operating system, which sounds like a sneeze – Tizen.

To be fair, Tizen is not found in the Galaxy 8, so the enthusiasm with which the Tame Apple Press is reporting this story is probably a little desperate. But it is found in Samsung TVs and a couple of low-cost phones.

Samsung has long sought to reduce its reliance on Google and Android to run its Galaxy smartphones and tablets and other devices.

It already has Tizen running on some 30 million smart TVs, as well as Samsung Gear smartwatches and in some Samsung phones in a limited number of countries like Russia, India and Bangladesh—the company plans to have 10 million Tizen phones in the market this year.

Samsung also announced earlier this year that Tizen would be the operating system on its new line of smart washing machines and refrigerators too.

But according to Israeli researcher Amihai Neiderman, it is the worst code he has ever seen. He found 40 unknown zero-day vulnerabilities.

"Everything you can do wrong there, they do it. You can see that nobody with any understanding of security looked at this code or wrote it. It's like taking an undergraduate and letting him program your software."

But one security hole Neiderman uncovered was particularly critical – the TizenStore app. Neiderman says a flaw in its design allowed him to hijack the software to deliver malicious code to his Samsung TV.

TizenStore software operates with the highest privileges you can get on a device; if you can crack it, the phone is yours.

TizenStore uses authentication to make sure only authorized Samsung software gets installed on a device, but Neiderman found a heap-overflow vulnerability that gave him control before that authentication function kicked in.

He says much of the Tizen code base is old and borrows from previous Samsung coding projects, including Bada, a previous mobile phone operating system that Samsung discontinued.

Neiderman says he has been in contact with Samsung in recent days and shared snippets of the vulnerabilities he uncovered with the company. He also says Samsung needs to reconsider deploying Tizen in phones before doing a major overhaul of the code.

Last modified on 04 April 2017