Report: Samsung's Android replacement rife with security flaws

Report: Samsung's Android replacement rife with security flaws
© Getty Images

An operating system designed by Samsung to run everything from smart phones to refrigerators, slated for use in millions of cellphones in 2017, does not provide adequate security for public use, according to new research. 

"It may be the worst code I've ever seen," researcher Amihai Neiderman of Equus Security told Motherboard, which was given an advance briefing of a report being presented today at a security conference hosted by Kaspersky Lab in St. Maarten. 

The Tizen operating system is Samsung's attempt to release reliance on Android, the free operating system designed by Google. It is being slowly rolled out through Samsung's product base and is already available in phones in foreign markets, including Russia and India. 

ADVERTISEMENT

In an effort to draw developers' interest, Samsung recently announced it would give a $10,000 bonus to top Tizen apps at the end of each month. 

Neiderman claims to have discovered 40 previously undiscovered security flaws, including those that would allow hackers to run code without having physical access to the device.

Neiderman notes that the Tizen app store is given unlimited privileges to alter devices. Hackers who can find a way to take advantage of those privileges — as Neiderman has, by exploiting poor defenses against manipulating memory in devices — can easily run any malicious program they choose.

Other problems include the unencrypted transfer sensitive information, making it possible to fake, alter or snoop on devices sending data. 

"Tizen is going to be Samsung's biggest thing. We might see the new Galaxies running Tizen — it could happen that soon. But right now Tizen is not safe enough for that," he told Motherboard.