Batu69 Posted July 14, 2017 Share Posted July 14, 2017 A researcher has claimed that Samsung's Tizen operating system that runs on millions of Samsung products is so poorly programmed that it could contain nearly 27,000 programming errors, which could also lead to thousands of vulnerabilities. Tizen is a Linux-based open-source operating system backed by Intel and Samsung Electronics, which has been in development since early 2012 and designed for smartphones, tablets, smart TVs, smart watches, cameras and PCs. According to Andrey Karpov — founder of Russia-based company Program Verification Systems that made PVS-Studio, a static code analyzer tool that helps programmers to find and fix bugs in their source codes — his team has discovered hundreds of errors in Tizen project using PVS-Studio. Samsung's Tizen operating system, written in C/C++ programming language, currently has 72.5 million lines of source code, out of which Karpov's team has analysed some randomly chosen modules i.e. 3.3% of the entire Project and found nearly 900 errors. "If we extrapolate the results, we will see that our team is able to detect and fix about 27000 errors in Tizen," Karpov says. In April this year, Israeli researcher Amihai Neiderman called Tizen "the worst code I've ever seen" after he examined the operating system and discovered as many as 40 zero-day vulnerabilities in Tizen code. After finding almost a thousand bugs in Tizen code, Karpov contacted Samsung to pitch for the sale of static analyser PVS-Studio software, but Youil Kim from Samsung declined the offer. According to a mail exchanged between Karpov and Kim, Samsung is already using the SVACE technology (Security Vulnerabilities and Critical Errors Detector) to detect potential vulnerabilities and errors in source code of applications created for Tizen. "We are already aware that another tool can find additional defects. However, we don't agree with that Tizen has 27,000 defects that should be fixed. As you know, many of static analysis warnings are often considered as insignificant issues," Kim added. Tizen operating system already runs on nearly 30 million Smart TVs, Galaxy Gear-branded watches Smart TVs, cameras, home appliances and some of its smartphones sold in countries like Russia, India and Bangladesh. Samsung has even plans to have some 10 Million Tizen smartphones in the market at the end of this year. So, if claims made by the researcher are true — which was also acknowledged by a Samsung representative to some extent — the company should shift their focus mainly towards the security of the operating system in Tizen 4.0, which is due for release in September. Article source Link to comment Share on other sites More sharing options...
vitorio Posted July 14, 2017 Share Posted July 14, 2017 3 minutes ago, Batu69 said: So, if claims made by the researcher are true — which was also acknowledged by a Samsung representative to some extent — the company should shift their focus mainly towards the security of the operating system in Tizen 4.0, which is due for release in September. Certainly we do not want another phone similar to: Samsung Galaxy Note 7 phones recall Link to comment Share on other sites More sharing options...
CrAKeN Posted July 14, 2017 Share Posted July 14, 2017 Samsung wants Tizen to power a wider array of devices A security researcher claims he has found nearly 27,000 bugs in Samsung’s Tizen operating system, revealing that although South Korean firm has already been informed about this, they rejected the findings and said an internal bug hunting program is already active. Andrey Karpov, CTO of Program Verification Systems, starting looking for bugs in Tizen with PVS Studio, checking only 3.3 percent of the code and discovering no less than 900 issues. Though he suspended the bug searching before analyzing the full code, the researcher says that he estimates there are 27,000 errors in Tizen’s code. “In total, I analyzed more than 2 400 000 lines of code (excluding comments). I detected 900 errors. The whole Tizen project with the third-party libraries has 72 500 000 lines of C, C++ code (excluding the comments). That means that I checked only 3.3% of the code. Estimation: (72500000 * 900/2400000 = 27187). Using PVS-Studio, we can detect and fix 27 000 errors,” the researcher explained. Samsung: Thanks, but no thanks Karpov says that he already contacted Samsung earlier this year to report the findings, but the team at the company refused to investigate. “We currently have our own static analysis tool and run it regularly for Tizen. However, we don't agree with that Tizen has 27,000 defects that should be fixed,” a company official replied, even though Karpov claims he has offered to help Samsung’s engineers look into the bugs he discovered. Samsung is yet to provide an official statement on the possibility of having so many bugs in Tizen, but some clarification should be released soon, especially because such findings raise questions as to how reliable the operating system actually is. Samsung has pushed really hard for Tizen to become a more widely-adopted operating system, and at some point the company has even started investing in phones running it and replacing Android. The focus continues to be on Google’s OS for smartphones, though it’s no secret that Samsung keeps investing in Tizen as well, which is primarily powering wearables. Source Link to comment Share on other sites More sharing options...
Administrator DKT27 Posted July 14, 2017 Administrator Share Posted July 14, 2017 Threads merged. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.