Samsung's Tizen has just taken a major blow to its standing as a working OS because of security issues. According to Israeli researcher Amihai Neiderman, the open source operating system used on a range of Internet-of-Things devices is chock-full of security issues and coding problems. A systems analyst and researcher, Neiderman presented his full and devastating review at Kaspersky Lab's Security Analyst Summit.
Noted as a sometime competitor to Android, the OS in question has been described by Neiderman as "the worst code I've ever seen". He added, in surprise: "Everything you can do wrong there, they do it". Needless to say, Neiderman was not impressed by the weak performance of the OS and had very little positive to say about the state of the code.
Samsung has been developing Tizen for many years; it started as an Intel and Nokia project and was merged with the Bada operating system in 2013. Built on a Linux kernel, like Android, and running on C++ and HTML5, it was developed with a large chunk of open source software running on top. According to Ars Technica, the OS is predominantly used in smart devices, but Samsung continues to dabble with it on smartphones.
Neiderman reported finding a surprising number of flaws in the newer code. He added that there is widespread improper use of the strcpy() function in C, which does not check the size of the destination buffer and is notorious for leaving devices vulnerable to buffer overflows, a danger well known to experienced C and C++ programmers. Many developers use alternative functions entirely in order to avoid these risks, but Tizen developers are "using it everywhere".
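The strcpy() problem described above, shown as an added example that is not Tizen code or code from Neiderman's talk: an unchecked copy next to a bounded replacement that rejects oversized input instead of truncating it. The function names, the 16-byte buffer and the sample device names are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 16  /* constructed buffer size for this example */

/* Unsafe pattern: strcpy() copies until the source NUL and never looks at
 * the size of dst, so any src longer than 15 bytes writes past the buffer. */
void set_name_unsafe(char *dst, const char *src)
{
    strcpy(dst, src);
}

/* Bounded replacement: verifies that src (including its NUL) fits before
 * copying, and refuses oversized input rather than truncating silently.
 * Returns 0 on success, -1 on rejection. */
int set_name_checked(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    /* Search for the terminator within the first dst_size bytes only. */
    const char *end = memchr(src, '\0', dst_size);
    if (end == NULL) {      /* no NUL in range: src does not fit */
        dst[0] = '\0';      /* leave dst as a valid empty string */
        return -1;
    }
    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}

int main(void)
{
    char name[NAME_MAX_LEN];
    /* Constructed sample inputs: one that fits, one that does not. */
    const char *inputs[] = { "tv-livingroom",
                             "a-device-name-longer-than-the-buffer" };
    for (size_t i = 0; i < 2; i++) {
        int rc = set_name_checked(name, sizeof name, inputs[i]);
        printf("%-38s rc=%d name=\"%s\"\n", inputs[i], rc, name);
    }
    return 0;
}
```

Rejecting the input, rather than truncating as strncpy() would, means the caller has to handle the error explicitly and never ends up working with a silently shortened value.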
Additionally, Samsung's code draws further criticism for failing to use SSL in a consistent way. According to Android Police, Neiderman found that one of the most critical vulnerabilities was in the Tizen Store, which allowed the injection of malicious code into his Samsung TV. He concluded that with this OS, it's extremely easy for malicious code to be uploaded into the Tizen system.