Amihai Neiderman, head of research at Equus Software in Israel, has found a tangled web of old and vulnerable code in Tizen, Samsung's up-and-coming mobile operating system. A significant portion of the code was carried over from Bada, an older Samsung OS, while the code written in the past two years contains the most vulnerabilities, Neiderman told Motherboard.

The revelations come as the chaebol continues to inch towards replacing Android as the main operating system on its smartphones. Entry-level Tizen devices have already reached markets in Russia, India and continental Africa. A WikiLeaks disclosure last month also showed that the CIA could compromise Tizen-powered Samsung smart TVs to monitor their users. Tizen also runs on other smart appliances and on wearables such as the Gear S3.

Neiderman criticizes the company for the shoddy state of Tizen’s code.

It may be the worst code I’ve ever seen […] Everything you can do wrong there, they do it. You can see that nobody with any understanding of security looked at this code or wrote it. It’s like taking an undergraduate and letting him program your software.

All 40 vulnerabilities Neiderman found allow remote code execution. Two of the most serious sit in TizenStore, the app store service: it runs with the highest privileges in the OS, and its authentication can be bypassed through a buffer overflow, so an attacker who reaches it gets code execution with those privileges. Some of the vulnerabilities trace back to decades-old coding patterns that appear throughout the Tizen code base.
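The TizenStore bug is described only as an overflow that bypasses authentication, so the following is a constructed illustration of that class of bug and is not Tizen or TizenStore code: the struct, the field names and the byte-offset copy are all assumptions chosen so the result is deterministic. A fixed-size name buffer sits directly before a privilege flag; an unchecked copy of an overlong name spills into the flag and the service ends up treating the caller as authenticated without any credential check succeeding. The hardened variant rejects the input before copying.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed session record (hypothetical, not Tizen/TizenStore code):
 * a fixed-size name buffer lies directly before the flag that the rest
 * of the service trusts as "this caller is authenticated". */
struct session {
    char username[16];
    int  authed;            /* 0 = not authenticated, nonzero = authenticated */
};

/* Vulnerable pattern: the attacker-controlled length is never compared
 * against sizeof username. The copy is written as byte offsets within
 * the struct (rather than a bare strcpy) so the overflow into `authed`
 * is deterministic and the bytes never leave the struct; the effect is
 * the same as an unchecked strcpy/memcpy into username. */
int login_vulnerable(struct session *s, const uint8_t *name, size_t len)
{
    unsigned char *bytes = (unsigned char *)s;
    size_t off = offsetof(struct session, username);

    s->authed = 0;                      /* reset before the (elided) credential check */
    for (size_t i = 0; i < len && off + i < sizeof *s; i++)
        bytes[off + i] = name[i];       /* beyond 16 bytes this lands on `authed` */

    /* The real credential check is elided: it fails, so nothing sets
     * authed, yet the overflow has already made it nonzero. */
    return s->authed;
}

/* Hardened: reject anything that does not fit with a terminating NUL,
 * then copy exactly `len` bytes. The flag can only be set by the
 * (elided) credential check, never by the copy. */
int login_hardened(struct session *s, const uint8_t *name, size_t len)
{
    s->authed = 0;
    if (len >= sizeof s->username)
        return -1;                      /* overlong name: refuse the request */
    memcpy(s->username, name, len);
    s->username[len] = '\0';
    /* credential check elided; on success it would set s->authed = 1 */
    return s->authed;
}

/* Constructed attacker input: 16 filler bytes to fill username, then
 * four 0x01 bytes that overwrite the adjacent 4-byte `authed` field. */
size_t build_overlong_name(uint8_t *out, size_t cap)
{
    const size_t total = 16 + 4;
    if (cap < total)
        return 0;
    memset(out, 'A', 16);
    memset(out + 16, 0x01, 4);
    return total;
}

/* Value of `authed` after the vulnerable login sees the overlong name. */
int demo_vulnerable(void)
{
    struct session s;
    uint8_t name[32];
    size_t len = build_overlong_name(name, sizeof name);
    return login_vulnerable(&s, name, len);
}

/* Hardened login's result for the same overlong input (-1 = rejected). */
int demo_hardened(void)
{
    struct session s;
    uint8_t name[32];
    size_t len = build_overlong_name(name, sizeof name);
    return login_hardened(&s, name, len);
}

/* Hardened login with a name that fits: accepted, but still not authenticated. */
int demo_hardened_short(void)
{
    struct session s;
    const uint8_t name[] = "alice";
    return login_hardened(&s, name, 5);
}

int main(void)
{
    printf("vulnerable login: authed = 0x%x (should have been 0)\n", (unsigned)demo_vulnerable());
    printf("hardened login:   result = %d (-1 = rejected)\n", demo_hardened());
    printf("hardened login, short name: authed = %d\n", demo_hardened_short());
    return 0;
}
```

The point of the pair is that the check in `login_hardened` is against the destination's size, not the source's, and that the privilege flag is only ever written by the code that performs the credential check.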

SSL encryption is enabled on some data transmissions, but not on all of them, and notably not on some vital operations.

“They made a lot of wrong assumptions about where they needed encryption,” Neiderman said.

He attempted to contact Samsung months ago regarding the security holes, but received nothing more than an automated email. Motherboard received a boilerplate statement before its article was published. After the article went live, Samsung followed up with this statement:

We are fully committed to cooperating with Mr. Neiderman to mitigate any potential vulnerabilities. Through our SmartTV Bug Bounty program, Samsung is committed to working with security experts around the world to mitigate any security risks.

Neiderman is now in contact with Samsung. He suggests that the company focus on patching the devices already shipping before attempting a complete overhaul of Tizen.
