While it's a good thing that Samsung is made aware of these vulnerabilities, so that it can work on fixing them, it's a bit alarming that its flagship line of smartwatches is vulnerable. The Tizen vulnerability news comes on the heels of news that the CIA allegedly hacked Samsung TV, potentially allowing the government agency to listen in and capture conversations.
Wareable has contacted Samsung with more questions, and we'll update this if and when we hear more. Samsung says it's "fully committed" to working with Neiderman to fix any vulnerabilities, and Neiderman himself says he's been in contact with Samsung, sharing "snippets" of the vulnerabilities with the company. While Neiderman notes that some of Tizen's code is from Samsung's failed Bada operating system, most of the vulnerabilities are from code written in the past two years. Verizon is pushing an update to the LTE variants of the Gear S3 Classic and Gear S3 Frontier that brings Tizen version 4 as well. Other major flaws include a failure point where Tizen can't check whether there's enough storage space to write new data and a lack of SSL encryption when transmitting data. The Tizen Store framework is used to allow Gear users to download apps and receive updates for their smartwatch. While Neiderman focused his research efforts on phones and TVs, Tizen's vulnerabilities extend to Samsung's Gear smartwatches. Neiderman was able to exploit a Tizen Store flaw that allowed him to take control of the store prior to its authentication process, enabling him to deliver malicious code to his TV. The worst of them, according to Neiderman, revolved around the Tizen Store, which Samsung uses to push updates to devices and act as an app store.īecause Tizen Store requires the highest user permissions on a device, exploiting its vulnerabilities makes it a juicy target for hackers.
Read this: Tizen v Android Wear - which smartwatch OS is right for you?Īll 4o vulnerabilities would theoretically allow hackers to take control of Gear smartwatches such as the Gear S3 and other Tizen-powered Samsung devices remotely. It's like taking an undergraduate and letting him program your software." You can see that nobody with any understanding of security looked at this code or wrote it.
"Everything you can do wrong there, they do it. Why samsung is nt working on tizen 4.0 for gear s3 frontier We all feel the massive draining of baterry with tizen 3.0.0.2 and samsung know that my watch is new and only lasts for 8 hours usage on full charge with this tizen 3.0.0. For use, you need to instal 'Samsung Accessory Service' and 'Galaxy Wearable' on your paired device. Use with the 'Variometre' app or the 'GPX Tracker' of the tizen store. "It's the worst code I've ever seen," Neiderman told Motherboard in advance of a talk about his Tizen research at Kaspersky Lab's Security Analyst Summit. Allow to transfer, manage and visualise GPX files created by your samsung Gear S2, S3 and Sport. Israeli security researcher Amihai Neiderman has found 40 unknown zero day security vulnerabilities in Tizen, the operating system Samsung uses to power its Gear smartwatches, TVs and many other electronics.