Equus Software researcher Amihai Neiderman from Israel has published a report in which he says Samsung's operating system Tizen may be "the worst code I've ever seen". After examining Samsung's not-so-popular OS, Neiderman concluded that the developers had done everything wrong in the system.
In particular, Neiderman pointed to the flawed implementation of Samsung's Tizen Store for downloading apps. "You can update a Tizen system with any malicious code you want," he noted, as the store software itself runs with full device privileges that can be assumed by any process capable of taking control of it.
Samsung's code was also reported to use SSL encryption inconsistently, allowing sensitive data to be sent in the clear and making it far easier for an attacker to compromise the system.
The researcher says that most of the Tizen code base is old and borrows from earlier Samsung coding projects, including Bada, a mobile phone operating system that Samsung discontinued.
Samsung already uses this software in some 30 million smart TVs, in Samsung Gear smartwatches and in some smartphones in a limited number of countries like Russia, India and Bangladesh. The company plans to have 10 million Tizen phones in the market this year, Motherboard reported.
Samsung announced earlier this year that Tizen would also be the operating system on its new line of smart washing machines and refrigerators. It was initially also reported that Tizen would power the Galaxy S8 and its Bixby; fortunately, that didn't happen.
Unlike Android users, most people using Tizen do not even realize that they are using such flawed and vulnerable software, which could expose their privacy and sensitive data at any given moment.
According to Motherboard, Neiderman contacted Samsung months ago to report the problems he found but got only an automated email in response. When Motherboard contacted the Korean company, a Samsung spokesperson sent a boilerplate response via email: "Samsung Electronics takes security and privacy very seriously. We regularly check our systems and if at any time there is a credible potential vulnerability, we act promptly to investigate and resolve the issue."