Club Benefits
You are now subscribed
Your newsletter sign-up was successful
Want to add more newsletters?
Daily (Mon-Sun)
Tom's Guide Daily
Sign up to get the latest updates on all of your favorite content! From cutting-edge tech news and the hottest streaming buzz to unbeatable deals on the best products and in-depth reviews, we’ve got you covered.
Weekly on Thursday
Tom's AI Guide
Be AI savvy with your weekly newsletter summing up all the biggest AI news you need to know. Plus, analysis from our AI editor and tips on how to use the latest AI tools!
Weekly on Friday
Tom's iGuide
Unlock the vast world of Apple news straight to your inbox. With coverage on everything from exciting product launches to essential software updates, this is your go-to source for the latest updates on all the best Apple content.
Weekly on Monday
Tom's Streaming Guide
Our weekly newsletter is expertly crafted to immerse you in the world of streaming. Stay updated on the latest releases and our top recommendations across your favorite streaming platforms.
Join the club
Get full access to premium articles, exclusive features and a growing list of member rewards.
The operating system that powers many Samsung smart TVs, smart watches and smartphones is full of security holes and can easily be hacked into remotely, an Israeli researcher says.
"It may be the worst code I've ever seen," Equus Software researcher Amihai Neiderman told Vice Motherboard's Kim Zetter. "Everything you can do wrong there, they do it."
The software in question is Tizen, a Linux-based mobile OS similar to Android. Tizen runs on Samsung Gear smartwatches, Samsung Gear Fit fitness bands, some Samsung smart cameras, low-end Samsung smartphones sold in India and other countries, and on every Samsung smart TV made since 2015.
MORE: Galaxy S8 Facial Recognition Has a Big Flaw
Neiderman was scheduled to deliver a presentation on his Tizen findings today at the Kaspersky Security Analyst Summit in St. Maarten in the Caribbean.
He told Zetter that of the many security flaws he found in Tizen, the worst was one that let him attack Samsung's TizenStore app store to inject malware into a Samsung smart TV.
"If Amihai Neiderman’s findings are accurate, it is alarming that Samsung is shipping smart TVs, smartwatches and mobile phones with many serious security flaws," said Michael Patterson, CEO of networking-security software maker Plixer International. "Given that Tizen is currently running on 30 million devices (smart TVs and smartwatches) and that Samsung plans to have 10 million Tizen phones this year, the potential for these devices to become members of the next big botnet is very real."
Tizen apps are authenticated before installation, Neiderman told Zetter, but an elementary attack known as a heap overflow lets you seize control before the authentication is enforced. The attack should in principle work on any Tizen-powered device, not just a smart TV.
If Neiderman reveals the details of this method of attack in his presentation, owners of Tizen-powered devices may want to take them offline until the vulnerability is fixed.
Tom's Guide has reached out to Samsung for comment and will update this story when we receive a reply.
