Samsung's Tizen scores high on vulnerabilities, says researcher
Tizen is a hacker's dream come true and Samsung has to work hard to remove all vulnerabilities
Everyone thinks their devices are safe. With numerous security protocols in place, there are still instances which lead to lapse in security. This seems to be the case of Samsung devices running on the company’s open-source operating system Tizen, which a researcher discovered to be ridden with around 40 previously unknown vulnerabilities.
This pretty much means that Tizen is a hacker’s dream come true. All these zero-days discovered by Israeli researcher Amihai Neiderman could allow attackers to remotely hack millions of newer Samsung smart TVs, smart watches, and even mobile phones that are currently on the market, as well as some that are scheduled to be released. They wouldn’t even need physical access to them.
With as much noise as the Wikileaks CIA data dump which came out last month, especially the notes indicating that the CIA can hack Samsung smart TVs via malware installed with the help of a USB stick, the fact that these devices could be hacked remotely is a cause of deep concern.
Since last few years, Samsung has been trying to reduce its reliance on Google and Android. Tizen was its solution to the problem, installing it in about 30 million smart TVs, Samsung Gear smartwatches and some Samsung phones available in Russia, India, and Bangladesh etc.
One zero-day in particular, however, is worse than the others, he says. According to him, Samsung's TizenStore, which is an app store, has a design flaw which allowed him to hijack the software to deliver malicious code to Samsung TV. Since TizenStore has the highest privileges you can get on a device, a hacker could make it do whatever it wanted.
"You can update a Tizen system with any malicious code you want," Neiderman notes. The researcher managed to find a heap-overflow vulnerability which gave him control of the app before the authentication function tied to TizenStore kicked in, which is what the app needs to make sure only authorized software gets installed on a device.
Also, Samsung programmers failed to use SSL encryption for secure connection when transmitting certain data, while applying it for other types of data. "They made a lot of wrong assumptions about where they needed encryption," Neiderman notes.
The researcher reached out to Samsung months ago but didn't hear back. After Motherboard published its article, Neiderman finally got a reply as Samsung vows to work alongside him, as well as other security experts, to mitigate any potential vulnerabilities.