Researcher states that Samsung’s operating system Tizen contains forty zero-days
An Israeli security researcher has discovered that Samsung’s operating system Tizen, which runs, among other things, smartwatches and smart TVs from the Korean electronics giant, contains 40 vulnerabilities.
According to researcher Amihai Neiderman, this allows attackers to easily hack into devices running on Tizen remotely, without requiring physical access to the devices. According to him, no one with security knowledge has looked at the code or helped write it. Speaking to Motherboard, Neiderman calls Tizen “possibly the worst code I’ve ever seen.”
The biggest vulnerability, according to Neiderman, is Samsung’s TizenStore app, which loads apps and updates to devices that run on the operating system. According to the researcher, there is a flaw in the design that allowed him to enter any code on his own Samsung TV. Although TizenStore uses authentication so that only Samsung software can be installed, Neiderman was able to bypass this authentication via a heap overflow.
An example of another vulnerability is the ‘strcpy() function’, which allows data to be written to memory. However, it does not check whether there is enough storage space available to write the data. This can cause a buffer overflow that attackers could easily exploit. According to Neiderman, no programmer today uses this feature, while Samsung’s programmers “use it everywhere”. Also, some data connections would not use SSL encryption.
Neiderman argues that much of Tizen’s code is outdated and is largely based on Samsung’s previous projects, such as Bada, a mobile phone operating system that Samsung stopped developing in 2013. However, Neiderman found most of the vulnerabilities in new code written specifically for Tizen.
Neiderman pointed out the vulnerabilities to Samsung months ago, but only received an autoreply from Samsung by email. Samsung now says it is working with Neiderman to close the leaks. Neiderman has confirmed that he is now in contact with Samsung.