Samsung Electronics has been in the news lately for all the wrong reasons. Now there is another unwelcome distinction for the company, this time related to its Tizen operating system. According to the findings of Israeli IT security researcher Amihai Neiderman, this OS contains not one or two but around 40 critical security flaws. That makes it what we may call a highly vulnerable operating system: a single flaw in software can lead to devastating damage, so when there are 40 flaws the existing code needs to be discarded and written afresh entirely.
Samsung uses Tizen OS in its mobile phones, smart TVs, and smartwatches. Samsung states that Tizen is an open-source OS. According to the company’s November 2016 statistics, the OS was used in 50 million devices, including the Samsung Gear S3 smartwatch and Samsung's smart TVs. This means that if Neiderman's analysis is accurate, the impending security threat is also quite extensive in scope.
Neiderman has documented all the information in a detailed report and presented it at Kaspersky’s Security Analyst Summit, which was held in St. Maarten on Monday. Neiderman claims that he contacted Samsung about the flaws in its Tizen OS a few months back, but all he received was an automated response email. Samsung, on the other hand, claimed that it is now collaborating with Neiderman to mitigate the “potential vulnerabilities.”
An official Samsung spokesperson told Mashable that “Samsung Electronics takes security and privacy very seriously. We regularly check our systems, and if at any time there is a credible potential vulnerability, we act promptly to investigate and resolve the issue. We continually provide software updates to consumers to safeguard their products. We are fully committed to cooperating with Mr. Neiderman to mitigate any potential vulnerabilities.”
The Israeli researcher has claimed that all 40 flaws are critical in nature because they allow an attacker to gain control of any Samsung device remotely. However, the threat level varies from flaw to flaw, and some are highly critical. One of the identified flaws allows the attacker to take control of an app on the Tizen OS app store called the TizenStore app. Having gained control, the attacker can easily inject malicious code or malware into a Tizen device, Motherboard reports.
Neiderman stated that after he purchased a Samsung Smart TV in 2016, he became curious about how reliable the system was in terms of software security. After the research was complete, he came to the conclusion that Tizen OS has the worst code among them all. He believes that nobody in their right mind would write code like this, which is full of security holes.
“Everything you can do wrong there, they do it. You can see that nobody with any understanding of security looked at this code or wrote it. It’s like taking an undergraduate and letting him program your software.”