Amihai Neiderman, head of research at Equus Software in Israel, has found a tangled web of old and vulnerable code in Samsung’s up-and-coming mobile operating system, Tizen. A significant portion of the code was carried over from an older Samsung OS, Bada, while the newer code, written in the past two years, has the most vulnerabilities, Neiderman told Motherboard.

The revelations come as the chaebol continues to inch towards replacing Android as its main operating system on its smartphones. Entry-level devices have made their way to markets in Russia, India and continental Africa. A WikiLeaks disclosure last month also found Samsung smart TVs, powered by Tizen, susceptible to hacking by the CIA for monitoring users through them. Tizen is also on other smart appliances as well as smart wearables like the Gear S3.

Neiderman criticizes the company for the shoddy state of Tizen’s code.

It may be the worst code I’ve ever seen […] Everything you can do wrong there, they do it. You can see that nobody with any understanding of security looked at this code or wrote it. It’s like taking an undergraduate and letting him program your software.

All 40 vulnerabilities found allow for remote code execution. Two of them are critically placed in TizenStore, the store for applications: the service runs with the most privileges in the OS, and its authentication process can be bypassed through an overflow operation. Some vulnerabilities trace back to decades-old code, which is seemingly prevalent throughout Tizen.

SSL encryption is enabled on some data transmissions, but not on all of them, and in particular not on vital operations.

“They made a lot of wrong assumptions about where they needed encryption,” Neiderman said.

He attempted to contact Samsung months ago regarding the security holes, but received nothing more than an automated email. Motherboard received a boilerplate statement before its article was published. After the article was published, Samsung followed up with this statement:

We are fully committed to cooperating with Mr. Neiderman to mitigate any potential vulnerabilities. Through our SmartTV Bug Bounty program, Samsung is committed to working with security experts around the world to mitigate any security risks.

Neiderman is in contact with Samsung. He suggests that the company focus on repairing what’s on outgoing products before completely refreshing Tizen.
