The Motherboard blog has described the Samsung Tizen OS as a ‘Hacker’s Dream’ and a researcher said that he had found 40 vulnerabilities and the site quotes the researcher as saying “It may be the worst code I’ve ever seen. Everything you can do wrong there, they do it. You can see that nobody with any understanding of security looked at this code or wrote it. It’s like taking an undergraduate and letting him program your software.”
The consultant said that one particular vulnerability in the TizenStore allowed him to deliver malicious code to his Samsung TV. He also said that while some of the bad code came from old code previously used in Bada, an earlier Samsung OS, many of the faults are in code from the last couple of years.
Analyst Comment
This could be a big problem for Samsung which has been expanding its use of Tizen in phones and it adopted it for its smart signage products as well as seeing it as the core for its IoT products. Samsung’s strong brand position means that it is now getting the kind of scrutiny that Sony ‘enjoyed’. It won’t be trivial or quick to sort out this problem and given the issues with the Note 7, the shine might be coming off, although the S8 had a good launch and that will help balance out the coverage. However, the idea that Samsung is not good at software is not good for its ability to move away from its dependence on Google’s Android, something it will have to do at some point in the future.
The blog reported that the researcher had only got ‘boilerplate’ responses from Samsung. I suspect that by now, the attention of the management has been drawn to this issue. (BR)