Samsung’s Smart TVs aren’t the company’s only products with backdoors that leave them open to exploitation. Amihai Neiderman, head of research at Equus Software, recently found that Samsung’s open source operating system Tizen was a security nightmare due to sloppy code.
After examining a batch of Tizen-powered Samsung smartphones, he found 40 unknown vulnerabilities that could allow hackers to remotely control any device using Tizen. Though much of Tizen’s code was taken from Bada, Samsung’s older mobile OS, the vulnerabilities are due to code that was written specifically for Tizen within the last two years.
Neiderman disclosed to Vice’s Motherboard the abysmal state of Tizen’s code, saying that it was some of “the worst code I’ve ever seen. Everything you can do wrong there, they do it. You can see that nobody with any understanding of security looked at this code or wrote it… You can update a Tizen system with any malicious code you want.”
One security hole that he said was particularly dangerous involved the Tizen Store, a separate app store for Tizen devices. By exploiting the code in this app, he was able to send malicious code to his Samsung TV. Samsung has since contacted Neiderman, and he suggests that the company substantially overhaul Tizen’s code before releasing it onto more phones.