{"id":14525,"date":"2017-04-05T11:20:22","date_gmt":"2017-04-05T15:20:22","guid":{"rendered":"https:\/\/www.kaspersky.co.za\/blog\/?p=14525"},"modified":"2020-04-17T19:46:43","modified_gmt":"2020-04-17T17:46:43","slug":"tizen-40-bugs","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.za\/blog\/tizen-40-bugs\/14525\/","title":{"rendered":"Tizen OS: 40 new vulnerabilities"},"content":{"rendered":"

For several years the biggest smartphone developer, Samsung, has been heavily promoting the Tizen operating system. This experiment began in 2013, when the market saw two new Samsung cameras that worked on Tizen OS. Later, the company released smartwatches that were also based on Tizen.<\/p>\n

In 2015, the OS landed on smartphones, starting with the relatively cheap Samsung Z1 <\/a>phone. In 2016 the Korean giant switched all of its smart TVs to Tizen. Finally, in 2017, during the Consumer Electronics Show, the company presented a washing machine<\/a>, a refrigerator, and a vacuum cleaner, all working on Tizen.<\/p>\n

Nowadays, tens of millions of devices, the vast majority of which are Smart TVs, use Tizen. It looks like Samsung is going to continue implementing and using the same OS in other consumer electronic goods, so this number will increase substantially<\/em> quite soon.<\/p>\n

It\u2019s high time to ask: Is Tizen secure?<\/p>\n

Here\u2019s the answer: It isn\u2019t. At all. At the Security Analyst Summit 2017<\/a> security expert Amihai Neiderman reported 40 zero-day vulnerabilities \u2014 yes, the unknown, unpatched vulnerabilities that are used to hack into the device and gain control over it. What\u2019s especially nasty is that the list includes security holes in Tizen\u2019s Store and the Tizen Browser. The Store has the highest privileges in the system, so the vulnerability in it can be used to push malware to Tizen devices.<\/p>\n

\u201cI found about 40 different bugs, most of them looked exploitable. It felt like 2005 in terms of the vulnerabilities I found: You open a book about vulnerability research, and it might be a first example you see,\u201d says Neiderman. \u201cRight now Tizen isn\u2019t mature enough, isn\u2019t ready enough to be sent to the public like this. If those vulnerabilities I found in a few hours of research, then somebody who\u2019s really going to dedicate himself to be a Tizen researcher will find way more<\/em> vulnerabilities.\u201d<\/p>\n\n","protected":false},"excerpt":{"rendered":"

Samsung releases more and more devices with Tizen OS. At SAS 2017, we found out that this OS is highly insecure. <\/p>\n","protected":false},"author":421,"featured_media":14526,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[1981,658,794,423,457,337,1980,333,508,705],"class_list":{"0":"post-14525","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"tag-thesas2017","9":"tag-internet-of-things","10":"tag-iot","11":"tag-mobile-devices","12":"tag-samsung","13":"tag-sas","14":"tag-sas-2017","15":"tag-security-analyst-summit","16":"tag-smart-tv","17":"tag-tizen"},"hreflang":[{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/tizen-40-bugs\/14525\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/tizen-40-bugs\/10981\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/tizen-40-bugs\/8623\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/tizen-40-bugs\/9065\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/tizen-40-bugs\/10336\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/tizen-40-bugs\/10040\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/tizen-40-bugs\/14538\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/tizen-40-bugs\/3068\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/tizen-40-bugs\/14525\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/tizen-40-bugs\/6890\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/tizen-40-bugs\/7234\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/tizen-40-bugs\/6523\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/tizen-40-bugs\/10027\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/tizen-40-bugs\/15151\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/tizen-40-bugs\/14525\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.za\/blog\/tag\/sas\/","name":"SAS"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/14525","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/users\/421"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/comments?post=14525"}],"version-history":[{"count":4,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/14525\/revisions"}],"predecessor-version":[{"id":27219,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/14525\/revisions\/27219"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/media\/14526"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/media?parent=14525"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/categories?post=14525"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/tags?post=14525"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}