
Security Researcher: Samsung’s Tizen OS is the worst code he’s ever seen

Samsung has been building a reputation for rock solid security through the Knox platform, mainly for their interests in seeding the enterprise market. That’s why we thought it odd that the company’s Tizen OS is being blasted by Amihai Neiderman, a security researcher presenting for Motherboard.

The report talks about various critical holes throughout the company’s operating system, such as the code used for the app store. It’s said that it’s trivial for an experienced hacker to hijack the store in order to deliver malicious code to his Samsung TV.

Oh wait, that’s right — Tizen isn’t just the fledgling OS Samsung is hoping to use to wean themselves off Android. They use Tizen for almost all their non-phone and non-tablet smart products, including TVs, appliances, and smartwatches.

Further findings suggest Samsung’s code is not only old but also seemingly written by someone lacking basic development practices, as evidenced by the use of now-defunct coding standards that were abandoned as much as 20 years ago.

His evaluation of the company’s software was pretty brutal, though with good reason if any of it is accurate. It would be quite the joke for Samsung’s second biggest consumer software platform to be so insecure when they have aspirations of being top dog in government and enterprise.

“It may be the worst code I’ve ever seen,” he told Motherboard in advance of a talk about his research that he is scheduled to deliver at Kaspersky Lab’s Security Analyst Summit on the island of St. Maarten on Monday. “Everything you can do wrong there, they do it. You can see that nobody with any understanding of security looked at this code or wrote it. It’s like taking an undergraduate and letting him program your software.”

Samsung was contacted about the story, and the company said they’re already in talks with Neiderman to evaluate their software and improve security for their SmartTV, and hopefully the entirety of the Tizen platform, in the future.
