Samsung needs to tighten up Tizen security if it wants to one day replace Android on a lot of its devices

Apr 4, 2017 22:48 GMT

We like to think our devices are safe, but sometimes that couldn't be further from the truth. That seems to be the case with Samsung devices running the company's open-source operating system Tizen, which a researcher found to be riddled with 40 previously unknown vulnerabilities.

This pretty much means that Tizen is a hacker's dream come true. All these zero-days discovered by Israeli researcher Amihai Neiderman could allow attackers to remotely hack millions of newer Samsung smart TVs, smart watches, and even mobile phones that are currently on the market, as well as some that are scheduled to be released. They wouldn't even need physical access to them.

With as much noise as the WikiLeaks CIA data dump produced last month, especially the notes indicating that the CIA can hack Samsung smart TVs via malware installed with the help of a USB stick, the fact that these devices could be hacked from afar should be cause for deep concern.

A try at independence 

In the past few years, Samsung has been trying to reduce its reliance on Google and Android. Tizen is its solution to the problem: the company has installed it on about 30 million smart TVs, Samsung Gear smartwatches and some Samsung phones that are available in countries like Russia, India or Bangladesh, with more to come. What's more, Tizen is also moving towards IoT, with smart washing machines and refrigerators set to run this operating system this year.

"It may be the worst code I've ever seen. Everything you can do wrong there, they do it. You can see that nobody with any understanding of security looked at this code and wrote it. It's like taking an undergraduate and letting him program your software," Neiderman told Motherboard.

According to the researcher, the vulnerabilities are all critical and would allow hackers to take control of the devices from afar.

One zero-day in particular, however, is worse than the others, he says. According to him, Samsung's app store, TizenStore, has a design flaw that allowed him to hijack the software to deliver malicious code to a Samsung TV. Since TizenStore has the highest privileges you can get on a device, a hacker could make it do whatever they wanted.

"You can update a Tizen system with any malicious code you want," Neiderman notes. The researcher managed to find a heap-overflow vulnerability which gave him control of the app before the authentication function tied to TizenStore kicked in. That function is what the app relies on to make sure only authorized software gets installed on a device.

An accidental change of focus

Neiderman is chief of research at Equus Software in Israel. While the company usually focuses on Android phone research, they started looking into Tizen eight months ago when he bought a device running this software. It wasn't long before issues were discovered, which, of course, pushed Neiderman to also purchase some phones running Tizen to see what else he could do.

According to him, Tizen borrows heaps of code from previous Samsung coding projects, including the discontinued mobile OS Bada. While it's true that Tizen's code base is old, most of the vulnerabilities were found in lines written specifically for Tizen in the past couple of years.

On top of using outdated techniques, the Samsung programmers also failed to use SSL encryption to secure connections when transmitting certain data, while applying it to other types of data. "They made a lot of wrong assumptions about where they needed encryption," Neiderman notes.

The researcher reached out to Samsung months ago but didn't hear back. After Motherboard published its article, Neiderman finally got a reply, with Samsung vowing to work alongside him, as well as other security experts, to mitigate any potential vulnerabilities.