Unreported Tizen vulnerabilities believed to be in the dozens
Amihai Neiderman, head of research at Equus Software in Israel, has found a tangled web of old and vulnerable code in Samsung’s up-and-coming mobile operating system, Tizen. A significant portion of the code was found to have been carried over from an older Samsung OS, Bada, while newer code written in the past two years has the most vulnerabilities, Neiderman told Motherboard.
The revelations come as the chaebol continues to inch towards replacing Android as the main operating system on its smartphones. Entry-level devices have made their way to markets in Russia, India and continental Africa. A WikiLeaks disclosure last month also found that Samsung smart TVs, powered by Tizen, were susceptible to hacking by the CIA to monitor their users. Tizen also runs on other smart appliances as well as smart wearables like the Gear S3.
Neiderman criticizes the company for the shoddy state of Tizen’s code.
“It may be the worst code I’ve ever seen […] Everything you can do wrong there, they do it. You can see that nobody with any understanding of security looked at this code or wrote it. It’s like taking an undergraduate and letting him program your software.”
All 40 vulnerabilities found allow remote code execution. Two are critically placed in TizenStore, the store for applications: the service runs with the most privileges in the OS, and its authentication process can be bypassed through an overflow. Some vulnerabilities trace back to decades-old code, which appears to be prevalent throughout Tizen.
SSL encryption is enabled on some data transmissions but not on all of them, and in particular not on vital operations.
“They made a lot of wrong assumptions about where they needed encryption,” Neiderman said.
He attempted to contact Samsung months ago regarding the security holes, but received nothing more than an automated email. Motherboard received a boilerplate statement before its article was published. After the article was published, Samsung followed up with this statement:
“We are fully committed to cooperating with Mr. Neiderman to mitigate any potential vulnerabilities. Through our SmartTV Bug Bounty program, Samsung is committed to working with security experts around the world to mitigate any security risks.”
Neiderman is in contact with Samsung. He suggests that the company focus on repairing what’s on outgoing products before completely refreshing Tizen.