Samsung Electronics has remained in the news lately for all the wrong reasons. Now there is another not-so-great achievement by the company that is related to its Tizen operating system. According to the findings of an Israeli IT security researcher Amihai Neiderman, this OS contains not one or two but around 40 Critical security flaws. That’s what we may call it a highly vulnerable operating system because a single flaw in the software leads to devastating damages, therefore when there are 40 flaws you need to disregard the coding and write it afresh entirely.
Samsung uses Tizen OS in its mobile phones, smart TVs, and smartwatches. Samsung states that Tizen is an open-source OS. According to the company’s November 2016 statistics, the OS was used in 50 million devices including Samsung Gear S3 smartwatch and their Smart TVs. This means, if the analysis of Neiderman is accurate then the extent of impending security threat is also quite extensive in scope.
More: Here’s What a Samsung Galaxy S7 Hacked with Ransomware Looks Like
Neiderman has documented all the information in a detailed report and presented it at Kaspersky’s Security Analyst Summit, which was held at St. Marteen on Monday. Neiderman claims that he did contact Samsung regarding flaws in its Tizen OS a few months back but all he received was an automated response email. On the other hand, Samsung claimed that they are now collaborating with Neiderman for mitigating the “potential vulnerabilities.”
An official spokesperson of Samsung Mashable that “Samsung Electronics takes security and privacy very seriously. We regularly check our systems, and if at any time there is a credible potential vulnerability, we act promptly to investigate and resolve the issue. We continually provide software updates to consumers to safeguard their products. We are fully committed to cooperating with Mr. Neiderman to mitigate any potential vulnerabilities.”
The Israeli researcher has claimed that all of the 40 flaws are of critical nature because they allow an attacker to gain control of any Samsung device remotely. However, the threat level also varies with every flaw, and some are highly critical. One of the identified flaws allows the attacker to control an app uploaded on Tizen OS app store called the TizenStore app. After controlling, the attacker can easily inject malicious code or malware into a Tizen device, reports MotherBoard.
More: Hacker Shows How Smart TVs Can Be Remotely Hacked
Neiderman stated that after he purchased a Samsung Smart TV in 2016, he was curious to analyze the system’s reliability regarding software security. After the research was complete, he came to the conclusion that Tizen OS has the worst code among them all. He believes that nobody in their right mind would write code like this, which is full of security holes.
“Everything you can do wrong there, they do it. You can see that nobody with any understanding of security looked at this code or wrote it. It’s like taking an undergraduate and letting him program your software.”
DDoS attacks are increasing, calculate the cost and probability of a DDoS attack on your business with this DDoS Downtime Cost Calculator.
![The leaked database was discovered on Shodan on May 14th.[wp_ad_camp_1][hlink][/hlink]A huge online database containing private contact information including phone numbers and email IDs of roughly 50 million Instagram profiles including those of influencers and brands has reportedly been discovered by security researcher Anurag Sen. The affected individuals include famous food bloggers and celebrities too apart from social media influencers. This database, which belongs to Chtrbox reportedly contains 49 million records was hosted on AWS (Amazon Web Services) and got exposed because it wasn’t protected with a password. Chtrbox is a Mumbai-based marketing firm that connects social media influencers to brands looking to market their products.See: Facebook: Storing Instagram passwords in plain text & harvesting your emailsEvery single record in the exposed database contains data belonging to social media influencers’ accounts and in some cases, even the account location is also mentioned. Each account has different worth depending on the number of followers, reachability, and engagement on the platform.[wp_ad_camp_1][hlink][/hlink]Zack Whittaker of TechCrunch contacted Chtrbox to inform about the exposed database, and it was eventually removed. It must be noted that Anurag claimed to discover the exposed database on Shodan on May 14th but in a statement issued by Chtrbox stated that the database was only exposed for 72 hours and contained no personal data.Whittaker also tweeted on Chtrbox's statement and called it "inaccurate."On the other hand, the Instagram spokesperson stated that they are figuring out the issue in order to understand whether the data actually is of Instagram accounts or of other sources."We're also inquiring with Chtrbox to understand where this data came from and how it became publicly available," the spokesperson told TechCrunch.[wp_ad_camp_1][hlink][/hlink]Whittaker claims that the information in the database must have been scraped from various publicly available social media accounts as it also included data such as the cost of a particular post and number of likes, etc. Moreover, some of the influencers claim that they aren’t associated with Chtrbox.See: Russian Hackers Control Malware via Britney Spears Instagram PostsFacebook, which owns Instagram, told TechCrunch that it is reviewing the matter. It is worth noting that Instagram doesn’t allow account scraping while Chtrbox claims that its client base boasts of over 184,000 Instagram influencers. This number is much less than the number of records found in the exposed database.Previously, hackers were found compromising and holding several Instagram influencers accounts for ransom - In the other case, personal data of top celebrities on Instagram was stolen and traded online while several dark web marketplaces were also seen selling Instagram data of 6 million celebrities.Did you enjoy reading this article? Like our page on Facebook and follow us on Twitter.](https://www.hackread.com/wp-content/uploads/2019/05/database-with-millions-of-instagram-influencers-leaked-online-1.jpg)