DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!

   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
DarkVision Hardware - Daily tech news
July 22, 2018 
Main Menu
News archives

Who's Online
There are currently 200 people online.


Latest Reviews
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
Lamptron FC-10 SE fan controller

Follow us

Samsung Tizen OS as leaky as a sieve, over 40 zero-days discovered

Posted on Wednesday, April 05 2017 @ 13:30:43 CEST by

Samsung logo
An Israeli security researcher spend some time with the Samsung Tizen operating system and discovered it's a hacker's dream. Designed by Samsung as an Android replacement, the OS is used on millions of Samsung products including smart TVs, smart watches and some mobile phones.

Unfortunately, the Tizen code appears to be one giant mess. Amihai Neiderman, the head of Equus Software, told Motherboard it may be the worst code he's ever seen and that Tizen appears to have been created by a group of people with zero understanding of security.
"It may be the worst code I've ever seen," he told Motherboard in advance of a talk about his research that he is scheduled to deliver at Kaspersky Lab's Security Analyst Summit on the island of St. Maarten on Monday. "Everything you can do wrong there, they do it. You can see that nobody with any understanding of security looked at this code or wrote it. It's like taking an undergraduate and letting him program your software."
Tizen has escaped the focus of the security community because it's not widely used. Neiderman began analyzing Tizen about eight months ago and he says he has already discovered a whopping 40 zero-day vulnerabilities in Tizen, including one that allows attackers to hijack the TizenStore app to deliver malicious code to a Samsung TV. Neiderman claims Samsung recycled a lot of bad code from previous projects like Bada, and notes the company seems to lack basic code development and review practices:
But most of the vulnerabilities he found were actually in new code written specifically for Tizen within the last two years. Many of them are the kind of mistakes programmers were making twenty years ago, indicating that Samsung lacks basic code development and review practices to prevent and catch such flaws.



DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2018 DM Media Group bvba