Samsung's Android alternative is a security disaster, says researcher

Samsung is best known for its devices running Android, but the company’s long-term strategy is to reduce its reliance on Google with the help of its own operating system. It is called Tizen and runs on Samsung’s smart TVs, smartwatches (Gear series), as well as a few smartphones (Galaxy Z series).

Samsung wants to expand its proprietary OS in the near future, but according to one researcher, that should be a reason for concern. Amihai Neiderman, who is a security researcher at Equus Software, has recently shared some disturbing information regarding Tizen. He said that Samsung’s OS has as many as 40 zero-day vulnerabilities, allowing nefarious characters to remotely hack millions of smart TVs, mobile phones, and other products.

In an interview with Motherboard, Neiderman absolutely destroyed Tizen. He said Tizen’s code may be “the worst he’d ever seen” and that the people who wrote it “don’t have any understanding of security.” “It’s like taking an undergraduate and letting him program your software”, he added.

The vulnerabilities Neiderman allegedly found in Tizen allow hackers to take control of a Samsung device from afar, which is a scary thought. Neiderman points out a very critical security flaw in the design of the TizenStore app, which hackers can use to send malicious code to Tizen devices.

Neiderman also claims that quite a lot of the Tizen code base is old and borrows from previous coding projects like Bada. However, most of the security holes he uncovered were in the new code, which was written in the last two years. What’s even more interesting is that many of the security flaws are described as mistakes programmers were making twenty years ago.

There you have it. It looks like Samsung’s Tizen isn’t the safest operating system you can use. Of course, Android has its fair share of security vulnerabilities, and considering the huge scale of the Android ecosystem, even small issues could affect many users. That said, the scrutiny that Android endures means that vulnerabilities are identified (though not necessarily patched) rather quickly. That might not be the case with a less popular operating system like Tizen.