MiddlewareSecuritySecurity ManagementSoftware

Samsung Tizen Is Riddled With Zero-Day Flaws, According To An Israeli Cyber Security Researcher

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.

Follow on:

Researcher Amihai Neiderman slammed Tizen for containing amateur level coding flaws

Samsung’s Tizen operating system is ripe for exploitation by hackers, according to Israeli researcher Amihai Neiderman, who claims to have found 40 zero-day vulnerabilities in the code.

In an interview with Motherboard, Neiderman noted slammed Tizen for having numerous cyber security flaws, and deemed it “the worst code I’ve ever seen”, noting it resembles something an amateur coder could create not one of the largest technology companies in the world.

Tizen troubles

Tizen Logo“Everything you can do wrong there, they do it. You can see that nobody with any understanding of security looked at this code or wrote it. It’s like taking an undergraduate and letting him program your software,” said Neiderman.

The vulnerabilities uncovered by the security researcher pose critical security flaws in that they enable remote code execution, which can lead to hacked devices being taken over by malicious actors.

While Samsung uses Google’s Android as the operating system for its smartphones, many of its other electronics, from smart TV and smartwatches through to connected fridges make use of Tizen.

This means there are potentially huge amounts of connected hardware running Tizen simply waiting to be cracked by hobby hackers through to cyber criminals, all thanks to the what Tizen containing what Neiderman deems to be basic coding flaws. One example being that Tizen does not require the use of the SSL protocol in all of its secure data transmissions.

Neiderman said Samsung was did not show much of a response to the flaws he pointed out to them a few months ago, but a statement sent to Silicon from the South Korean tech giant notes that it is beginning to take action to plug the Tizen security holes.

“Samsung Electronics takes security and privacy very seriously. We regularly check our systems and if at any time there is a credible potential vulnerability, we act promptly to investigate and resolve the issue. We continually provide software updates to consumers to safeguard their products. We are fully committed to cooperating with Mr. Amihai Neiderman, to mitigate any potential vulnerabilities. Through our Bug Bounty program and internal security safeguards, Samsung continuously patches any would-be vulnerabilities,” a Samsung spokesperson said. 

Tizen could become a solid software platform for next-generation Internet of Things (IoT) devices, but it would appear for the time being that the operating system is not up to scratch to deliver a secure software environment for smart technology.

How much do you know about Samsung? Take our quiz!