'No physical access' required for Samsung smart TV hack

Randall Craig
April 6, 2017

It appears that no one who understands security was involved either in the writing of the code or in reviewing it, he said, resulting in everything going wrong that possibly could go wrong.

"It may be the worst code I've ever seen. Everything you can do wrong there, they do it." These include Samsung's Gear S3 smartwatch; they also include the company's lineup of smart TVs, which recently came into focus after a WikiLeaks leak of the CIA's hacking tools unearthed an exploit that enables the agency to eavesdrop on someone through a Samsung smart TV.

The Verge reports that Samsung plans to have 10 million phones on Tizen OS by the end of the year. "You can see that they took all this code and tried to push it into Tizen", Neiderman said. Upon discovering just how badly the code on his TV was written, the researcher chose to buy a bunch of Samsung smartphones that use the OS in order to test them out.

He revealed 40 previously unknown vulnerabilities in the software, which has been pushed by Samsung as it seeks to reduce its dependency on Google and Android. He strongly feels Samsung did not provide proper QA testing on the security level, otherwise most of these exploits would have been discovered a long time ago.

In fact, Tizen is being used on over 30 million TVs right now, and Samsung wants to expand this number in the near future.

The vulnerabilities Neiderman allegedly found in Tizen allow hackers to take control of a Samsung device from afar, which is a scary thought.

One security flaw involving TizenStore, Tizen's app store, could let a hacker pack malicious code with a software update. Amihai Neiderman, head of research at Equus Software, has discovered that the Tizen operating system, which is used on millions of Samsung smartphones, wearables, and other smart appliances, is chock-full of security holes. He believes that many of the 40 flaws, called zero-day exploits because there are no fixes and hackers could take advantage of them right now, were caused by Samsung coding errors that were never discovered in product testing. The software in question here is Samsung's Tizen. Tizen's protections against it are insufficient, Neiderman said.

A key example is the Tizen Store. That apparently hasn't been the case with Tizen. Elsewhere, many of Tizen's most critical data transmissions aren't secured with SSL encryption. We might see the new Galaxies running Tizen; it could happen that soon.

The firm now says it is "fully committed to cooperating with Mr. Neiderman to mitigate any potential vulnerabilities", although judging by the extent of the issues at play it may need more than a few patches to sort things out.
