Your browser is not Javascript enable or you have turn it off. We recommend you to activate for better security reasonSamsung's Tizen TV OS is full of security holes, claims researcher - FlatpanelsHD

Samsung's Tizen TV OS is full of security holes, claims researcher

04 Apr 2017 | Rasmus Larsen |

"It may be the worst code I've ever seen," the security researcher told Motherboard. He has found 40 vulnerabilities in Samsung’s Tizen operating system that powers Smart TVs, watches, connected home devices, and phones.

Tizen is not secure

Tizen is Samsung’s Android replacement designed to power Smart TVs, watches, phones, and even connected devices for the smart home such as door locks.

But it is also a hacker’s dream, according to a security researcher form Equus Software in Isreal. Amihai Neiderman started examining the operating system 8 months ago after he bought a Samsung Smart TV.

- "It may be the worst code I've ever seen," Amihai Neiderman told Motherboard ahead of his presentation at Kapersky Lab’s Security Analyst Summit this Mondag. "Everything you can do wrong there, they do it. You can see that nobody with any understanding of security looked at this code or wrote it. It's like taking an undergraduate and letting him program your software."

”You can update a Tizen system with any malicious code you want”
All of his findings will be shared with the world at a conference on Monday but he says that one of the vulnerabilities involves the TizenStore that runs with the highest privileges in the system, allowing him to execute any type of malicious code. He also found that “programmers failed to use SSL encryption for secure connection when transmitting certain data. They use it on some data transmissions but not others, and usually not on ones that need it most”, according to the report from Motherboard. Samsung has in the past been criticized for not using encryption on its TVs.

He found a total of 40 vulnerabilities that can be exploited remotely. It is not necessary to have access to the product.

- “You can update a Tizen system with any malicious code you want," said Neiderman.

Samsung was expecting to sell 30 million Tizen-based Smart TVs in 2015 – the same year that the OS was introduced in TVs. Samsung equipped even more TVs with Tizen in 2016 and will continue using the OS in 2017. Tizen is also installed on over 10 million phones and is heading to other types of devices.

Samsung SmartThings


Samsung forced to act

Amihai Neiderman contacted Samsung months ago but received an automated email in response.

After Motherboard published its article Samsung sent the following statement.

- "We are fully committed to cooperating with Mr. Neiderman to mitigate any potential vulnerabilities. Through our SmartTV Bug Bounty program, Samsung is committed to working with security experts around the world to mitigate any security risks."

A little less than two years ago, Samsung proclaimed that Tizen was built with security in mind but you may want to think twice before using your Samsung TV as a hub for your connected door locks and other devices in your home.

- Source: Motherboard



Latest news

Samsung Serif TV

Samsung expands range of lifestyle TVs - The Frame, Serif & Sero

21 Feb 2020 | Rasmus Larsen |

Disney+ arrives on (some) Vizio TVs

21 Feb 2020 | Rasmus Larsen |
Sony UHD Blu-ray player

Sales of UHD Blu-ray players in decline

20 Feb 2020 | Rasmus Larsen |
Panasonic HZ1000 OLED

Panasonic unveils 2020 HZ1500 & HZ1000 OLED TVs with Filmmaker Mode

18 Feb 2020 | Rasmus Larsen |
Panasonic HX940

Panasonic announces 2020 HX940, HX900 & HX800 4K LCD TVs

18 Feb 2020 | Rasmus Larsen |
Samsung Q60T

Samsung's most advanced "QLED" LCD tech is now reserved for its 8K TVs

17 Feb 2020 | Rasmus Larsen |
Samsung Q80T

Samsung unveils its 2020 line-up of 8K and 4K "QLED" LCD TVs

17 Feb 2020 | Rasmus Larsen |
Star Wars box-set

Star Wars: The Skywalker Saga box-set coming to UHD Blu-ray in March

14 Feb 2020 | Rasmus Larsen |