SAMSUNG'S HOMEGROWN TIZEN SOFTWARE, based on Linux, is reportedly "riddled" with security flaws.
Amihai Neiderman, a security researcher speaking at the Kaspersky Security Analyst Summit this week, claims that Tizen presents a significant security risk. It contains more than 40 vulnerabilities, he says, making it "maybe the worst code I've ever seen", according to Motherboard.
All of the flaws compromise the security of the devices they run on, but Neiderman says the TV implementation is particularly poor: the TizenStore module runs with the highest privileges on the device, so once it has been compromised an attacker can install any malicious software they choose.
Part of the problem is code repurposed and re-used from the earlier 'Bada' platform, but Neiderman says that many of the more severe issues, including buffer overruns and incorrectly implemented encryption, are found in new code written in the last two years.
For Samsung, Tizen is its attempt to push beyond Google's Android confines for the future of its devices. It wants more control over both the hardware and software it creates, as well as higher profits from mobile and other devices.
But Neiderman argues that the South Korean company needs to reconsider a large-scale rollout of Tizen on smartphones until the overall security of the platform has been improved.
While that is worrying enough for Tizen-based TVs, putting an operating system with these sorts of vulnerabilities on tens of millions of smartphones could cause a lot of headaches for the company, given how much more personal information a phone holds than a TV.
Neiderman says he tried to contact Samsung "months ago" but got only a standard automated response.
In a vague statement provided to Motherboard, Samsung says it is "committed to working with security experts around the world to mitigate any security risks" through its smart TV bug bounty programme.