Recently published CIA exploits uncovered the ability for intelligence agencies to hack into Samsung smart TVs, but it appears the flaws in Samsung’s ecosystem run much deeper. Motherboard reports that security researchers are preparing to unveil as many as 40 zero-day exploits for Samsung’s Tizen operating system. Samsung uses Tizen on a range of TVs, smartwatches, and phones, and the vulnerabilities will allow attackers to hack the devices remotely.
Tizen runs on around 30 million TVs, and Samsung plans to have 10 million phones running the software by the end of the year. Samsung has attempted to move to Tizen on its devices as a way to loosen its reliance on Google’s Android software, but it’s clear Tizen isn’t secure and ready for popular devices like the company’s Galaxy range of handsets.
Israeli researcher Amihai Neiderman claims Samsung’s open-source Tizen operating system “may be the worst code I've ever seen,” noting in an interview with Motherboard that “you can see that nobody with any understanding of security looked at this code or wrote it. It's like taking an undergraduate and letting him program your software.”
Neiderman has uncovered a number of flaws that can be triggered remotely, but one of them appears to be a major security issue in Samsung’s operating system. One flaw lets attackers hijack a TV and install malicious code on it, allowing any hacker to take full control over a TV through the TizenStore software. Neiderman plans to fully detail his findings during a talk at Kaspersky Lab's Security Analyst Summit on Monday.
Samsung initially responded to Neiderman with an automated email response, but after Motherboard’s report the company says it is “fully committed to cooperating with Mr. Neiderman to mitigate any potential vulnerabilities.”