40 Zero Days Found by Researcher — Samsung Tizen

Paul Calatayud, CTO of FireMon, added that the newly found bugs are especially concerning given that U.S. intelligence agencies were also revealed to have been researching exploits in smart TVs.

Neiderman presented his findings at a security conference sponsored by Kaspersky Lab. The vulnerabilities affect all devices running Tizen, including some Samsung phones, the Gear S2, the Gear Fit 2, Samsung TVs, etc.

Samsung also announced earlier this year that Tizen would be the operating system on its new line of smart washing machines and refrigerators too.

The security flaws all compromise the devices they run on, but Neiderman says the TV implementation of the software is particularly poor, as the TizenStore module, which has the highest security privileges, enables attackers to install any malicious software on demand once the devices have been compromised. When Motherboard contacted the company, it got a stock response: "Samsung Electronics takes security and privacy very seriously".

The security researcher told Motherboard that he has been discussing the flaws with Samsung, though the company hasn't said when, or even if, it might offer a fix.

Tom's Guide has reached out to Samsung for comment and will update this story when we receive a reply. "You can't do that when you're taking on Google and Android".

"It may be the worst code I've ever seen", said Neiderman in an interview with Motherboard's Kim Zetter. He said Tizen's code may be "the worst he'd ever seen" and that the people who wrote it "don't have any understanding of security".

"You can update a Tizen system with any malicious code you want", Neiderman notes. However, vulnerabilities were found in some of the most recent code, written in the past two years. "Nearly every system app is vulnerable", Neiderman said. Motherboard reports that security researchers are preparing to unveil as many as 40 zero-day exploits for Samsung's Tizen operating system.

One of the pillars of open source software is that the "many eyes" of the community will catch flaws in a project's code. Considering how this operating system powers millions of consumer devices around the world, the news regarding these 40 vulnerabilities comes as quite a shock. Neiderman says that these critical bugs have the potential to allow hackers to control Tizen-powered devices remotely. Well, then you might consider rewriting the entire thing from scratch.

"Now that Linux is more mature, these issues are harder to find, although they still exist", Clark told LinuxInsider. "TV manufacturers must focus on testing automation and development methodologies to minimize successful attacks".
