But the operating system is riddled with serious security vulnerabilities that make it easy for a hacker to take control of Tizen-powered devices, according to Israeli researcher Amihai Neiderman.
“It may be the worst code I’ve ever seen,” he told Motherboard in advance of a talk about his research that he is scheduled to deliver at Kaspersky Lab’s Security Analyst Summit on the island of St. Maarten on Monday. “Everything you can do wrong there, they do it. You can see that nobody with any understanding of security looked at this code or wrote it. It’s like taking an undergraduate and letting him program your software.”
Raise your hand if you’re surprised.
What use is it to hack a TV?
While for the most part I think the Tizen phones are only sold in specific markets, and then you have their smart watches, which from what I can tell really only have connectivity via bluetooth / wifi. Which I suppose you could try to hack, if you had some sort of way to connect to it.
Every smart TV unit is a computer, so in essence your question is “what use is it to hack a computer?”
I think I don’t even have to answer that.
The most visible horror of Orwell’s 1984 is that every home had a TV through which Big Brother was always watching you.
Smart TVs generally have cameras and microphones.
Does that make things a bit more clear?
Even vibrators nowadays have cameras xD.
IoT everywhere and none of those manufacturers have any knowledge about IT-Security.
It is unbelievable that those don’t even have upgrade paths for their hidden webservers in dishwashers or other.
https://www.pentestpartners.com/blog/vulnerable-wi-fi-dildo-camera-e…
That TV could also be recruited to form part of a bot net, used to compromise other systems, as recently used in enormous denial-of-service attacks across various systems.
Fair enough for the botnet, but while I’ll admit that I have only bought a Samsung TV that was a 2015 model, and it doesn’t have any of the fancy voice commands (so no mic), and I know they exist.. but why on earth would you need/want a TV with a camera? Even an always listening TV is terrible, and while I basically bought my TV for one single reason (Plex app), it’s not like they have large amounts of space either.
The question isn’t so much ‘oh my god, there is vulnerable code!’ it’s “what are the attack vectors? do you need physical access to it, or is ssh/web server available to hack?” Now I want to hack my TV and see… which is the real reason this is interesting, can I have a Debian TV instead? That’d rock…
Sony smart TVs have cameras so they can nag you if you’re sitting too close to the screen or not “watching in a well-lit environment”.
Uh, what? Have we really become such babies that our TV companies feel the need to be nannies? I don’t own any TV, haven’t for years and have even less intent to do so now.
If I need something in that vein, I’ll buy a large-format monitor. (Basically, a traditional dumb HDTV without the tuner and with generally higher standards of quality for the LCD panel)
In fact, at some point, if I can budget for it, I’d like to buy a 53″ large-format 4K display to replace my spread of three 19″ 1280×1024 monitors.
(If I’m going 4K, I want to keep the pixels the same size so that driving roughly twice as many pixels means I can fit roughly twice as many applications in the spread.)
Edited 2017-04-06 21:38 UTC
Only 40? Tizen is built on EFL, and that really is the most unsurprisingly notorious codebase ever. Every object is the same type, and string comparisons everywhere to distinguish between the objects. But I guess that Samsung couldn’t do anything else, after it left Maemo/MeeGo. Intel and Nokia had already used GTK and Qt for that, so they simply _had_ to use something else, of course. And for the same reason — something else was already using it — Java was out of the question, too.
You just reminded me of
https://what.thedailywtf.com/topic/15001/enlightened/5
where Rasterman himself pitches in and goes on a rant. EFL is indeed horrible.
It is worse than that.
You skipped the part where Samsung integrated the Bada OS SDK into Tizen, thus bringing in its Symbian C++ flavour, followed by a rewrite with a more standards compliant C++, only to drop everything and use EFL instead, with the promise that the new C++ API on top of EFL would come.
Now it appears that instead of doing that, they are adding support for .NET Core, Xamarin Forms and Tizen specific APIs for .NET Core apps.
Tizen is a joke, apparently they want to beat the number of times Microsoft has redone their mobile SDK.
Yeah, well, brevity’s sake and so on.
Gosh, I do miss the days of Maemo and Meego, when my company was working with Nokia and doing great stuff.
Really, nuff said.
Granted, I’m not familiar with the state of EFL’s current iteration but, when I was digging window managers to see what I would like more years ago, Enlightenment was awful, security-wise. They kind of wanted to put all effort on performance over almost everything else.
Not that security experts are not known to overstate the risks many times, though.
Do the Tizen smartphones support Samsung Pay? I think that’s a pretty attractive vector for attack.
What about the Tizen watch? Enter a secure area and you may need to hand in your phone at the security checkpoint. But your Tizen watch may be secretly recording everything without you knowing.