It is always troubling to find out consumer-grade electronics are increasingly vulnerable to hacking. In this particular case, Samsung devices have proven to be vulnerable to as many as 40 zero-day exploits. To be more precise, it appears devices running on the Tizen OS are vulnerable to these exploits, which is of particular concern.
Tizen OS Is Far Less Secure Than Assumed
Any operating system in the world suffers from unknown zero-day vulnerabilities. It doesn’t happen often several dozen of such exploits are discovered all at once, though. Unfortunately for Samsung, that is exactly what happened, as an Israeli researcher uncovered all of these vulnerabilities. It is more than likely hackers will remotely control smart TVs, smart watches, and mobile devices.
Even though Samsung has been looking to become less reliant on Google and Android, the Tizen OS still needs a lot of work. Considering how this operating system powers millions of consumer devices around the world, the news regarding these 40 vulnerabilities comes as quite a shock. Moreover, the company plans to use Tizen as an operating system for their new line of IoT devices as well.
Researcher Amihai Neiderman was quite baffled by how insecure the Tizen operating system is as well. In fact, he referred to his findings as “the worst code, ” he has ever seen in his professional career. Anything that could be remotely exploited is vulnerable to remote hacking. He strongly feels Samsung did not provide proper QA testing on the security level, otherwise most of these exploits would have been discovered a long time ago.
Knowing that hackers can take control of any Tizen OS device is not a positive feeling by any means. One security hole in particular is reason for extreme concern, as it allows hackers to hijack the Samsung TizenStore app. Once compromised, it becomes possible for hackers to install malicious code to the device in question. More specifically, hackers can insert any type of malicious code into a hacked device, as they will automatically receive the highest privileges possible.
To make matters even worse, SSL encryption is not used by default when it comes to transmitting secure data. While some Tizen transmissions require an SSL connection, most communication efforts do not. This leaves sensitive information exposed to anyone with the technical expertise to remotely hack a Tizen device. According to Neiderman, opting to not use SSL for all device communication is a conscious decision by Samsung.
One silver lining is how all of these flaws have been discovered before millions of mobile phones running Tizen OS have been shipped to consumers all over the world. However, that means most Samsung smart TVs and smartwatches are still prone to remote hacking. All of these vulnerabilities need to be addressed before more Tizen-based devices find their ways to consumers, that much is certain.
If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.
