Samsung's in-house OS is a security nightmare

Tizen makes a number of rookie mistakes.

Samsung's Tizen platform might give the company the technological independence it wouldn't have if it stuck to outside software like Android, but it's apparently a security disaster. Researcher Amihai Neiderman tells Motherboard he has discovered 40 unpatched vulnerabilities in Samsung's operating system, exposing many of its smartphones, smartwatches and TVs to remote attacks. Reportedly, it's the "worst code" the expert has "ever seen" -- it was designed by a team that had no real understanding of security concepts, and makes mistakes that virtually anyone else would avoid.

A key example is the Tizen Store. While the portal does authenticate to make sure that you're only installing approved apps, there's an exploit that lets you take control before authentication kicks in. Use that and you can send whatever malware you want to a device. Samsung is also inconsistent in its use of encryption, often forgoing that protection at the very moment it's most needed. And did we mention that many of the flaws appear to have been introduced in the past 2 years, so they weren't just inherited from legacy code?

Neiderman says he disclosed the flaws to Samsung months ago, but didn't get more than an automated response until recently. The tech giant, meanwhile, says it's "fully committed" to working with the researcher and points to its SmartTV Bug Bounty program as an example of efforts it takes to patch holes. Don't be surprised if many of the immediate vulnerabilities are fixed before long. However, the findings suggest that the company also needs to rethink the very basics of Tizen's security strategy if it's going to keep you safe going forward.
