“Smart” TV is not the correct term. Samsung has developed its very own operating system, Tizen, for the new generation of electronics, from TVs and mobile phones to refrigerators and washing machines. And Tizen is so full of security holes that a sieve ought to be offended by the comparison.
Tizen is said to be running already on 30 million TVs, Samsung’s Gear smartwatches, and a number of Samsung phones in their more local market.
“It may be the worst code I’ve ever seen,” [Israeli researcher Amihai Neiderman] told Motherboard in advance of a talk about his research that he is scheduled to deliver at Kaspersky Lab’s Security Analyst Summit on the island of St. Maarten on Monday. “Everything you can do wrong there, they do it. You can see that nobody with any understanding of security looked at this code or wrote it. It’s like taking an undergraduate and letting him program your software.”
All of the vulnerabilities would allow hackers to take control of a Samsung device from afar, in what’s called remote-code execution.
“You can update a Tizen system with any malicious code you want,” he says.
But most of the vulnerabilities he found were actually in new code written specifically for Tizen within the last two years. Many of them are the kind of mistakes programmers were making twenty years ago, indicating that Samsung lacks basic code development and review practices to prevent and catch such flaws.
He also found that the programmers failed to use SSL encryption for secure connection when transmitting certain data. They use it on some data transmissions but not others, and usually not on ones that need it most.
“They made a lot of wrong assumptions about where they needed encryption,” he says, noting that “it’s extra work to move between secure connections and unsecure connections.” This indicates that they didn’t do it inadvertently but were making conscious decisions not to use SSL in those places, he says.
— Kim Zetter, Motherboard, “Samsung’s Android Replacement Is a Hacker’s Dream”
When I choose tags for a post, WordPress offers suggestions based on what I write. So when I type “IoT” (Internet of Things), it naturally and fittingly suggests “idioti” (idiocy).