Samsung's ego is way ahead of its capabilities. It constantly wants to do what Apple, Microsoft, etc. do but without any of the required skills. In this case, we are talking about their stupid in-house OS, Tizen. If I were them I would focus on Android across the board instead of satisfying engineering bias and nationalism to invent an inferior OS. While Android is bad too it is nowhere near as bad as Tizen. Heaven help anyone who uses Samsung Pay and such.
http://forums.appleinsider.com/disc...-tizen-os-the-worst-code-ive-ever-seen#latest
Samsung's Tizen operating system is a mess of zero-day exploitable security flaws, broken encryption privacy issues and amateur-level coding mistakes, according to the findings of a security researcher participating in Kaspersky Lab's Security Analyst Summit.
[...]
Neiderman said Tizen may be "the worst code I've ever seen" after he examined the quality of Samsung's software used to power most its Galaxy Gear-branded watches, Smart TVs, and some of its smartphones, cameras and home appliances.
He added, "everything you can do wrong there, they do it. You can see that nobody with any understanding of security looked at this code or wrote it. It's like taking an undergraduate and letting him program your software.""You can see that nobody with any understanding of security looked at this code or wrote it."
In particular, Neiderman called attention to the flawed implementation of Samsung's Tizen Store for downloading apps.
"You can update a Tizen system with any malicious code you want," he noted, as the store software itself runs with full device privileges that can be assumed by any process capable of taking control of it. Samsung's code was also reported to inconsistently use SSL encryption, enabling sensitive data to be sent in the clear.
Because Tizen isn't widely used outside of Samsung, security researchers haven't invested as much time in looking at it as closely as they do more popular software, such as web browsers or the code in Android, Windows and iOS. A wide variety of exploits is commonly discovered and patched in software from all vendors. Devices that are not (or can't be) updated pose an additional problem.
Unlike Android phone buyers, many users running Tizen don't even realize they're running a flawed operating system that could expose their privacy or enable malicious users to spy on them.
Samsung is also making Android less secure
Samsung's poor track record for developing security software was previously on display at the introduction of its Android-powered Galaxy S8, which promoted a strangely ineffectual facial recognition unlocking feature that could be defeated with a simple photo of the user.
Other examples were also noted by Google's Project Zero team in an audit of Samsung's software added on top of Android in its Galaxy S6 phones. The group reported finding "a substantial number of high-severity issues," within just a week of looking.
"It was also surprising that we found the three logic issues that are trivial to exploit," the team noted. "These types of issues are especially concerning, as the time to find, exploit and use the issue is very short."
Ironically, Google had earlier turned to Samsung for assistance in shoring up Android's own security in order to make the platform more appealing to Enterprise users. Google's chief executive Sundar Pichai introduced Android 5 in 2014 with contributions from Samsung's Knox security software.
http://forums.appleinsider.com/disc...-tizen-os-the-worst-code-ive-ever-seen#latest
Samsung's Tizen operating system is a mess of zero-day exploitable security flaws, broken encryption privacy issues and amateur-level coding mistakes, according to the findings of a security researcher participating in Kaspersky Lab's Security Analyst Summit.
[...]
Neiderman said Tizen may be "the worst code I've ever seen" after he examined the quality of Samsung's software used to power most its Galaxy Gear-branded watches, Smart TVs, and some of its smartphones, cameras and home appliances.
He added, "everything you can do wrong there, they do it. You can see that nobody with any understanding of security looked at this code or wrote it. It's like taking an undergraduate and letting him program your software.""You can see that nobody with any understanding of security looked at this code or wrote it."
In particular, Neiderman called attention to the flawed implementation of Samsung's Tizen Store for downloading apps.
"You can update a Tizen system with any malicious code you want," he noted, as the store software itself runs with full device privileges that can be assumed by any process capable of taking control of it. Samsung's code was also reported to inconsistently use SSL encryption, enabling sensitive data to be sent in the clear.
Because Tizen isn't widely used outside of Samsung, security researchers haven't invested as much time in looking at it as closely as they do more popular software, such as web browsers or the code in Android, Windows and iOS. A wide variety of exploits is commonly discovered and patched in software from all vendors. Devices that are not (or can't be) updated pose an additional problem.
Unlike Android phone buyers, many users running Tizen don't even realize they're running a flawed operating system that could expose their privacy or enable malicious users to spy on them.
Samsung is also making Android less secure
Samsung's poor track record for developing security software was previously on display at the introduction of its Android-powered Galaxy S8, which promoted a strangely ineffectual facial recognition unlocking feature that could be defeated with a simple photo of the user.
Other examples were also noted by Google's Project Zero team in an audit of Samsung's software added on top of Android in its Galaxy S6 phones. The group reported finding "a substantial number of high-severity issues," within just a week of looking.
"It was also surprising that we found the three logic issues that are trivial to exploit," the team noted. "These types of issues are especially concerning, as the time to find, exploit and use the issue is very short."
Ironically, Google had earlier turned to Samsung for assistance in shoring up Android's own security in order to make the platform more appealing to Enterprise users. Google's chief executive Sundar Pichai introduced Android 5 in 2014 with contributions from Samsung's Knox security software.
