In an effort to draw developers' interest, Samsung recently announced it would give a $10,000 bonus to top Tizen apps at the end of each month.
Noted as a sometime competitor to Android, the OS in questions has been described by Neiderman as "the worst code I've ever seen". Another exploit allowed Neiderman to hijack the TizenStore app and deliver malicious code to a Tizen device - namely his Samsung TV. Their attempt to create their own crappy and substandard replacement of Google software is hurting the company. Samsung is also inconsistent in its use of encryption, often foregoing that protection at the very moment it's most needed. According to the Ars Technica, the OS is predominantly used in smart devices, but Samsung continues to dabble with it on smartphones. He says that much of Tizen's code is borrowed from past Samsung projects, such as Bada, but most of the security issues are found within the newer bits of code.
The number of security flaws all compromise the security of the devices they run on, but Neiderman says the TV implementation of the software is particularly poor, as the TizenStore module with the highest security privileges enables attackers to install any malicious software on demand, once the devices have been compromised. Like Android, it's built on a Linux kernel, with a large chunk of open source software running on top.
An Israeli cybersecurity researcher has uncovered 40 unknown zero-day vulnerabilities in Samsung's operating system Tizen. To be more precise, it appears devices running on the Tizen OS are vulnerable to these exploits, which is of particular concern.
House OKs medical pot bill to boost minority businesses
The committee spent most of last week going over the 82-page bill on how medical marijuana would be overseen in the state. Growers have to pay a $100,000 initial fee that could be renewed after a year for $10,000.
Security researcher Amihai Neiderman of Equus Software told Motherboard that there are 40 unreported security vulnerabilities that would allow remote execution and hacking of every Samsung TV, watch or phone that is based on Tizen. Since the app store is one of the most trusted installations of a Tizen device, it can be used as an easy route for hackers to update the system with nasty malware. Some data isn't transmitted using SSL encryption, as well.
All the operating systems are open to bugs and vulnerabilities. We can be sure that Samsung is going to make sure that Tizen's security is going to be enhanced from now on.
If Neiderman reveals the details of this method of attack in his presentation, owners of Tizen-powered devices may want to take them offline until the vulnerability is fixed.
Samsung initially responded to Neiderman with an automated email response, but after Motherboard's report the company says it is "fully committed to cooperating with Mr. Neiderman to mitigate any potential vulnerabilities".