Paul Calatayud, CTO of FireMon, added that the newly found bugs are especially concerning given that U.S. intelligence agencies were also revealed to have been researching exploits in smart TVs.
Neiderman presented his findings at a security conference sponsored by Kaspersky Lab. The vulnerabilities affect all devices running Tizen, including some Samsung phones, the Gear S2, the Gear Fit 2, Samsung TVs, etc.
Samsung also announced earlier this year that Tizen would be the operating system on its new line of smart washing machines and refrigerators too.
The security flaws all compromise the devices they run on, but Neiderman says the TV implementation of the software is particularly poor, as the TizenStore module with the highest security privileges enables attackers to install any malicious software on demand, once the devices have been compromised. When Motherboard contacted the company they got a stock response: "Samsung Electronics takes security and privacy very seriously".
The security researcher told Motherboard that he has been discussing the flaws with Samsung, though the company hasn't said when, or even if, it might offer a fix.
Tom's Guide has reached out to Samsung for comment and will update this story when we receive a reply. "You can't do that when you're taking on Google and Android".
"It may be the worst code I've ever seen", said Neiderman in an interview with Motherboard's Kim Zetter. He said Tizen's code may be "the worst he'd ever seen" and that the people who wrote it "don't have any understanding of security".
"You can update a Tizen system with any malicious code you want", Neiderman notes. However, vulnerabilities were found in some of the most recent code, written in the past two years. "Nearly every system app is vulnerable", Neiderman said. Motherboard reports that security researchers are preparing to unveil as many as 40 zero-day exploits for Samsung's Tizen operating system.
One of the pillars of open source software is that the "many eyes" of the community will catch flaws in a project's code. Considering how this operating system powers millions of consumer devices around the world, the news regarding these 40 vulnerabilities comes as quite a shock. Neiderman says that these critical bugs have the potential to allow hackers to control Tizen-powered devices remotely. Well, then you might consider rewriting the entire thing from scratch.
"Now that Linux is more mature, these issues are harder to find, although they still exist", Clark told LinuxInsider. "TV manufacturers must focus on testing automation and development methodologies to minimize successful attacks".