
Samsung's Tizen still has a way to go

In an article originally carried on Motherboard that has since been published by other sources, an Israeli researcher studying the Tizen OS has unearthed over 40 zero-day vulnerabilities.  According to the researcher in the article:

 

http://hothardware.com/news/samsungs-tizen-smart-tv-smartwatch-os-riddled-with-zero-day-exploits

Quote

"It may be the worst code I've ever seen," said Amihai Neiderman, the researcher that discovered the vulnerabilities, in an interview with Motherboard. "Everything you can do wrong there, they do it. You can see that nobody with any understanding of security looked at this code or wrote it. It's like taking an undergraduate and letting him program your software."
Read more at http://hothardware.com/news/samsungs-tizen-smart-tv-smartwatch-os-riddled-with-zero-day-exploits#oFx8smQF1BO10ZY3.99

 

Now this is some fairly harsh language; however, Samsung is deploying the Tizen OS on a lot of their new products, including TVs, Smartphones, Smartwatches and SmartFridges.  According to this article, some of these security holes, especially on the TizenStore App, allow for code to be entered that then enables full control over the device.  Samsung's response to Motherboard is as follows:

 

Quote

Samsung Electronics takes security and privacy very seriously. We regularly check our systems and if at any time there is a credible potential vulnerability, we act promptly to investigate and resolve the issue.

 

We are fully committed to cooperating with Mr. Neiderman to mitigate any potential vulnerabilities. Through our SmartTV Bug Bounty program, Samsung is committed to working with security experts around the world to mitigate any security risks.



https://motherboard.vice.com/en_us/article/samsung-tizen-operating-system-bugs-vulnerabilities

https://www.engadget.com/2017/04/04/samsung-tizen-full-of-security-flaws/

 

Hopefully Samsung can issue a whole bunch of fixes for this, or at least revisit and audit their Tizen OS enough to actually find all the flaws in it...  

 


a bad year for samsung. hope they get this fixed asap.


6 minutes ago, RollinLower said:

well, you'd think samsung has some reputation to restore after all that happened in 2016

AHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHA
HAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHAAHAHAHAHAAHAHAHAHAHAHA

 

no


Well at least they responded to the guy's claims instead of just ignoring them which they could have done. But still, really, 40 zero-day vulnerabilities and nobody in netsec caught this?


16 minutes ago, mattebad said:

Well at least they responded to the guy's claims instead of just ignoring them which they could have done. But still, really, 40 zero-day vulnerabilities and nobody in netsec caught this?

that probably just is because it can get a media buzz. 


this is very typical in end user stuff. i doubt they even have security researchers on their team or audit the software.
