Tizen is Samsung’s long-touted OS to replace Android and Israeli security researcher Amihai Neiderman just delivered a talk on it at Kapersky Lab’s Security Analyst Summit where he revealed 40 new 0-day flaws in the OS, and showed that he could trivially send malicious code updates to any Tizen device, from TVs to phones, thanks to amateurish mistakes of the sort not seen in real production environments for decades.
Neiderman gave Samsung months to respond to his findings before going public, and they did nothing.
Tizen is the OS for 30 million smart TVs, as well as smartphones and smart watches. Samsung’s next generation of washing machines and fridges will also run Tizen.
One example he cites is the use of strcpy() in Tizen. “Strcpy()” is a function for replicating data in memory. But there’s a basic flaw in it whereby it fails to check if there is enough space to write the data, which can create a buffer overrun condition that attackers can exploit. A buffer overrun occurs when the space to which data is being written is too small for the data, causing the data to write to adjacent areas of memory. Neiderman says no programmers use this function today because it’s flawed, yet the Samsung coders “are using it everywhere.”He also found that the programmers failed to use SSL encryption for secure connection when transmitting certain data. They use it on some data transmissions but not others, and usually not on ones that need it most.
“They made a lot of wrong assumptions about where they needed encryption,” he says, noting that “it’s extra work to move between secure connections and unsecure connections.” This indicates that they didn’t do it inadvertently but were making conscious decisions not to use SSL in those places, he says.
Samsung’s Android Replacement Is a Hacker’s Dream
[Kim Zetter/Motherboard]