As we all know, Android is used to run all Samsung devices; however the company is trying to reduce its dependence on Google with the assistance of its own operating system. That OS is called Tizen and runs on Samsung’s smart TVs, smartwatches particularly the Gear series, as well as the minority of smartphones including the Galaxy Z series.
Tizen has been in progress for years. It some was seen on some phones running it at Mobile World Congress in Barcelona in February, where Samsung also announced the Tizen-powered Samsung Gear 2 and Gear 2 Neo. Finally, Samsung has launched the world’s first Tizen OS smartphone in Russia which is the Samsung Z.
Unfortunately, not all Android apps are compatible with Tizen. Only those run who get ported by either developers or SAMSUNG team. However, they do not consider like they should run as in Android. Tizen is an HTML5 OS which is something developed by Samsung called ACL (App Compatibility Layer) to run android apps.
Amihai Neiderman, a security researcher at Equus Software, has newly shared several upsetting information concerning Tizen. Although Samsung feels like enlarging its proprietary OS in the near future, one researcher said that it should be a basis for apprehension.
He also added that Samsung’s OS has as many as 40 zero-day vulnerabilities, tolerating despicable characters to slightly hack millions of smart TVs, mobile phones, and further merchandises.
Neiderman, in an interview with Motherboard, said Tizen’s code may be “the worst he’d ever seen” and that the people who wrote it “don’t have any understanding of security.” “It’s like taking an undergraduate and letting him program your software”, he added.
The weakness found in Tizen is somewhat scary because it allows hackers to take control of a Samsung device from afar, according to Neiderman. He also points out a very vital security error in the design of the TizenStore app, which hackers can use to send malevolent code to any Tizen devices.
Relatively, a lot of the Tizen code base is old and is borrowed from previous coding projects like Bada, according to Neiderman. On the other hand, most of the security holes he exposed were in the new code, which was actually written in the last two years.
Another attention-grabbing fact is that many of the security flaws are described as mistakes programmers were making twenty years ago.