Recently published CIA documents revealed that the intelligence agency discovered a way to deliver malicious code to older Samsung smart TVs using a USB stick. Unfortunately, that relatively difficult-to-execute hack may turn out to be the least of Samsung’s security-related worries. According to Amihai Neiderman, a security researcher with Israel’s Equus Software, there are more than 40 zero-day exploits that allow malicious users to remotely hack the company’s Tizen operating system.
“It may be the worst code I’ve ever seen,” Neiderman said in an interview with Motherboard‘s Kim Zetter. “Everything you can do wrong there, they do it. You can see that nobody with any understanding of security looked at this code or wrote it. It’s like taking an undergraduate and letting him program your software.”
One especially significant flaw lies in the app delivery mechanism of the TizenStore, Samsung’s equivalent of Google Play: it allows attackers to insert malicious code into apps as they are delivered through the store. Elsewhere, many of Tizen’s most critical data transmissions aren’t secured with SSL encryption.
According to Neiderman, Samsung’s programmers borrowed much of Tizen’s codebase from Bada, the company’s previous smartphone operating system. However, he says a lot of the worst code was written in the past two years, with much of it showing mistakes that programmers were making 20 years ago.
The severity of the issue quickly becomes apparent when one considers all the Samsung devices that ship with Tizen. Not only does the operating system run on the company’s Gear smartwatches, it’s also on more than 30 million smart TVs and home appliances. Moreover, in its efforts to further distance itself from Google and Android, Samsung plans to ship 10 million Tizen smartphones in 2017; should the company ever release a Galaxy Tizen device with these flaws unaddressed, the move could spell disaster.
When Neiderman first contacted Samsung about the vulnerabilities, the company sent back automated responses. Prompted by Motherboard‘s article, the company has since said it’s “fully committed to cooperating with Mr. Neiderman to mitigate any potential vulnerabilities.”