Skip to main content
  1. Home
  2. Mobile
  3. News

Security expert: Samsung's Tizen operating system is a hacker's dream

By

tizen security multiple exploits os samsung suwon south korea 4 1500x1000
Image used with permission by copyright holder
Tizen, Samsung’s open-source operating system, is riddled with vulnerabilities. That’s according to Motherboard, which spoke with an Israel-based Tizen security expert.

Samsung’s Tizen contains as many as 40 unknown bugs, or zero-days, that could allow a cyber criminal to hack devices without needing to physically access them. “It may be the worst code I’ve ever seen,” Amihai Neiderman, a Kaspersky Labs researcher, told Motherboard. “Everything you can do wrong there, they do it. You can see that nobody with any understanding of security looked at this code or wrote it.”

Recommended Videos

One security flaw involving TizenStore, Tizen’s app store, could let a hacker pack malicious code with a software update. TizenStore takes measures to ensure that only verified software is installed on Tizen devices, but those measures can be overridden. “You can update a Tizen system with any malicious code you want,” said Neiderman.

Please enable Javascript to view this content

Another flaw exploits buffer overrun, a condition that occurs when the space to which data is being written is too small for the data. Tizen’s protections against it are insufficient, Neiderman said.

Related

And Tizen failed to use encryption for secure connections when transmitting certain data. “They made a lot of wrong assumptions about where they needed encryption,” Neiderman told Motherboard.

The problem stems in part from unwieldy code. Neiderman told Motherboard that much of the Tizen code base is old and borrows from previous Samsung projects, including Bada, a discontinued mobile phone operating system. “You can see that they took all this code and tried to push it into Tizen,” he said.

That’s bad news. Samsung, in a long-running effort to reduce its reliance on Google’s Android operating system, is shipping a growing number of devices with Tizen.

“Tizen is going to be Samsung’s next biggest thing. We might see the new Galaxies running Tizen, it could happen that soon. But right now Tizen is not safe enough for that.”

Tizen powers more than 30 million of the company’s smart TVs, tens of millions of Samsung Gear smartwatches, and prototypical smart washing machines and refrigerators. And it’s in smartphones as well. Samsung has Tizen running on phones in countries like Russia, India, and Bangladesh, and plans to have 10 million Tizen phones in the market this year.

Samsung told Motherboard that it’s working with Niederman to address the bugs. “We are fully committed to cooperating with Mr. Neiderman to mitigate any potential vulnerabilities. Through our SmarTV Bug Bounty program, Samsung is committed to working with security experts around the world to mitigate any security risks.”

Editors’ Recommendations

Topics
Kyle Wiggers
Kyle Wiggers
Former Digital Trends Contributor
Kyle Wiggers is a writer, Web designer, and podcaster with an acute interest in all things tech. When not reviewing gadgets…
Operation Shush: The rise and fall of Samsung’s unloved Bixby assistant
Bixby Galaxy S21 Trending

There’s a silent campaign -- let's call it Operation Shush -- to stop you from using Bixby on your Samsung phone. The virtual assistant was once heralded as the future of control for connected Samsung devices, and the answer to Apple’s Siri and Google's Assistant. Today, just like the Galaxy Home — a Bixby-focused product that has never been released — Bixby isn’t mentioned much at all, almost as if it’s hoped we forget it ever existed.

What happened? And does Bixby deserve to be silenced?
Lofty expectations
“The possibility of what Bixby can become is endless,” Injong Rhee, Samsung’s head of research and development, wrote in the original 2017 announcement, arguably setting Bixby up for failure right from the start. We were told Bixby was “a new intelligent interface on our devices” and “fundamentally different from other voice agents or assistants in the market.”

Read more
The OnePlus 13 is coming on January 7 — along with a surprise
The OnePlus logo on the back of the OnePlus Open Apex Edition.

It's official: the OnePlus 13 will launch on January 7, 2025. Preempting the anticipated event by several weeks, OnePlus has officially confirmed the date we’ll see its next major smartphone release outside of China. Additionally, it has revealed some key features and news of a surprise new launch to go along with the phone.

OnePlus will release the OnePlus 13 in three different colors — Black Eclipse, Arctic Dawn, and Midnight Ocean. It’s the latter that is likely to be the model to have, as it is wrapped in a material called micro-fiber vegan leather, which is apparently corrosion and scratch-resistant but still luxurious to the touch. For the Arctic Dawn phone, the glass will have a special coating to give it a silky-smooth finish. It’s likely these are the same colors offered in China, where the phone has already been announced, just with different names.

Read more
I’m really worried about the future of smart glasses
The front of the Ray-Ban Meta smart glasses.

The Ray-Ban Meta smart glasses are among the most interesting, unexpectedly fun, and surprisingly useful wearables I’ve used in 2024. However, as we go into 2025, I’m getting worried about the smart glasses situation.

This isn’t the first time I’ve felt like we’re on the cusp of a new wave of cool smart eyewear products, only to be very disappointed by what came next.
Why the Ray-Ban Meta are so good

Read more