Samsung’s very own Tizen platform is yet to mount a significant threat against rivals like Android and iOS, and it’s probably a good job more of us aren’t using it. According to one security researcher, the operating system is a hacker’s dream, with 40 unknown vulnerabilities that could allow anyone to break into Samsung Smart TVs, smartwatches, and more.
Samsung has been developing Tizen alongside the likes of Intel, Huawei, Panasonic, and more for years, but it’s the only company in the Tizen Association that actually uses and distributes the operating system. That’s likely because Samsung has good uses for it, whereas the others rely on more popular platforms like Android.
But you should be wary of any Tizen-powered devices you own. Motherboard reports that a security researcher in Israel has discovered 40 zero-day vulnerabilities in the platform that could be used by hackers to gain control of your devices remotely. “It may be the worst code I’ve ever seen,” said Amihai Neiderman.
“Everything you can do wrong there, they do it. You can see that nobody with any understanding of security looked at this code or wrote it. It’s like taking an undergraduate and letting him program your software.”
Of course, every platform has its vulnerabilities — even Android and iOS. However, there tend to be very few of them in software that’s used by millions of people. And although Tizen isn’t found on many smartphones, it is installed on 30 million Smart TVs, as well as other Samsung smart appliances and the Gear lineup of smartwatches.
That’s a heck of a lot of people who are at risk of being hacked.
Every single one of the vulnerabilities found would enable hackers to take control of a Samsung device without having physical access to it. One of them allowed Neiderman to hijack software distributed by the TizenStore — the platform’s Google Play alternative — and send malicious code to his Smart TV.
“You can update a Tizen system with any malicious code you want,” Neiderman says. He added that much of Tizen’s code is old, and borrowed from previous Samsung projects, including the Bada platform that was installed on more affordable touchscreen Samsung phones. However, many of the vulnerabilities were discovered in code written within the last two years.
It’s thought Tizen users have been ignored by hackers up until now because the platform simply isn’t as widespread as its rivals, and there’s less of a payoff when hacking something like a Smart TV or refrigerator than there is a smartphone. But that’s likely to change now that we know Tizen is so easy to break into.
Fortunately, Samsung is now working with Neiderman to address the issues he has identified, so we should see fixes for these vulnerabilities soon. In the meantime, keep a close eye on your Tizen devices.