Samsung Gear S3 Frontier WARNING – Popular device could trigger malware ‘EPIDEMIC’

Samsung Gear S3 Frontier owners might be feeling a little nervous this morning, following a keynote address by Israeli researcher Amihai Neiderman.

Mr Neiderman has skewered Samsung’s TizenOS, which powers the Gear S3 Frontier and a slew of other smart devices – including televisions and smartphones.

The Israeli researcher spoke to Motherboard ahead of a speech at the annual Security Analyst Summit held by Kaspersky Lab, revealing: “It may be the worst code I’ve ever seen.”

“Everything you can do wrong there, they do it,” he added. “You can see that nobody with any understanding of security looked at this code or wrote it. It’s like taking an undergraduate and letting him program your software.”

One of these vulnerabilities would allow a hacker to remotely seize control of a Samsung device running TizenOS.

Mr Neiderman says he was able to hijack the TizenStore app – Samsung’s version of Google Play Store, which is used to deliver apps and software updates to Tizen devices – and use it to install malicious code on his device.

“You can update a Tizen system with any malicious code you want,” he said.

That’s a terrifying prospect – especially when you consider that Samsung already has its Tizen operating system running on some 30 million smart TVs, as well as all of its Samsung Gear smartwatches and some smartphones in a limited number of markets, including Russia, India and Bangladesh.

Samsung had previously revealed plans to have 10 million Tizen phones in the market this year. It also confirmed that the versatile operating system would be used to power its new line of smart washing machines and refrigerators.

Israeli researcher Mr Neiderman says he has shared snippets of the vulnerabilities he uncovered with Samsung.

He has also cautioned the South Korean technology company against deploying the software in phones before a major overhaul to the underlying code.

Speaking to Motherboard, a spokesperson for the company said: “We are fully committed to cooperating with Mr. Neiderman to mitigate any potential vulnerabilities.

“Through our SmartTV Bug Bounty program, Samsung is committed to working with security experts around the world to mitigate any security risks.”

Head of Avast mobile threat intelligence and security, Nikos Chrysaidos, told Express.co.uk: “With this OS already inside millions of smart TVs, mobile phones, fridges and smart watches, these vulnerabilities could also cause a new epidemic of Tizen-focused malware.

“Cybercriminals like to address a large audience, so attacking a relatively new but market-leading operating system obviously has the potential to deliver the biggest return.

“It can be an especially lucrative endeavour as today’s mobile platforms make it almost impossible to detect cybercriminals once they’ve broken in.

“This gives them plenty of time to continually extract what they need, and spread more malicious code without intervention.”

The news comes as Samsung started to reveal early details about its next major software update for the Gear S3, Tizen 4.0.

The new software is expected to ship with a richer feature set and faster speeds than its predecessor.

The webpage claims, “the first official version of Tizen .NET will be released in September 2017 as a part of Tizen 4.0.”

Tizen 3.0 brought 64-bit compatibility as well as support for 4K Ultra HD graphics and image and speech recognition.

Samsung also claimed Tizen 3.0 was 30 per cent faster than its predecessor, Tizen 2.4.

With the first beta set for June, Samsung appears to be moving away from Tizen 3.0 pretty fast.

And with a release date scheduled for September, it is more than likely that the next-generation operating system will ship alongside the Samsung Gear S4 smartwatch.

Samsung usually launches its flagship smartwatch at the IFA technology tradeshow in Berlin, which is held in early September.

A spokesperson for Samsung told Express.co.uk, “Samsung Electronics takes security and privacy very seriously. We regularly check our systems and if at any time there is a credible potential vulnerability, we act promptly to investigate and resolve the issue.

“We continually provide software updates to consumers to safeguard their products. We are fully committed to cooperating with Mr. Amihai Neiderman, to mitigate any potential vulnerabilities.

“Through our Bug Bounty program and internal security safeguards, Samsung continuously patches any would-be vulnerabilities.”
