Samsung Smart TVs, Watches Full of Security Holes (Report)

The operating system that powers many Samsung smart TVs, smart watches and smartphones is full of security holes and can easily be hacked into remotely, an Israeli researcher says.

The Tizen-powered interface on a Samsung smart TV. Credit: Samsung

"It may be the worst code I've ever seen," Equus Software researcher Amihai Neiderman told Vice Motherboard's Kim Zetter. "Everything you can do wrong there, they do it."

The software in question is Tizen, a Linux-based mobile OS similar to Android. Tizen runs on Samsung Gear smartwatches, Samsung Gear Fit fitness bands, some Samsung smart cameras, low-end Samsung smartphones sold in India and other countries, and on every Samsung smart TV made since 2015.

Neiderman was scheduled to deliver a presentation on his Tizen findings today at the Kaspersky Security Analyst Summit in St. Maarten in the Caribbean.

He told Zetter that of the many security flaws he found in Tizen, the worst was one that let him attack Samsung's TizenStore app store to inject malware into a Samsung smart TV.

"If Amihai Neiderman’s findings are accurate, it is alarming that Samsung is shipping smart TVs, smartwatches and mobile phones with many serious security flaws," said Michael Patterson, CEO of networking-security software maker Plixer International. "Given that Tizen is currently running on 30 million devices (smart TVs and smartwatches) and that Samsung plans to have 10 million Tizen phones this year, the potential for these devices to become members of the next big botnet is very real."

Tizen apps are authenticated before installation, Neiderman told Zetter, but an elementary attack known as a heap overflow lets you seize control before the authentication is enforced. The attack should in principle work on any Tizen-powered device, not just a smart TV.

If Neiderman reveals the details of this method of attack in his presentation, owners of Tizen-powered devices may want to take them offline until the vulnerability is fixed.

Tom's Guide has reached out to Samsung for comment and will update this story when we receive a reply.

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.
