maemo.org - Talk

maemo.org - Talk (https://talk.maemo.org/index.php)
-   Tizen (https://talk.maemo.org/forumdisplay.php?f=61)
-   -   A security researcher has found 40 unknown zero-day vulnerabilities in Tizen, the operating system that runs on millions of Samsung products. (https://talk.maemo.org/showthread.php?t=99239)

hhbbap 2017-04-04 20:03

A security researcher has found 40 unknown zero-day vulnerabilities in Tizen, the operating system that runs on millions of Samsung products.
 
Hello!
I come across an article with a link to an article in English on MotherBoard;
https://motherboard.vice.com/en_us/a...ulnerabilities
I do not have any products running Tizen myself, but should people take their Samsung TV offline if it runs Tizen?

gerbick 2017-04-05 00:03

Re: A security researcher has found 40 unknown zero-day vulnerabilities in Tizen, the operating system that runs on millions of Samsung products.
 
Great, just great. All of this time, absolutely little to no focus on security. Worse even, the patches will come slowly since it's Samsung.

theonelaw 2017-04-05 04:04

Re: A security researcher has found 40 unknown zero-day vulnerabilities in Tizen, the operating system that runs on millions of Samsung products.
 
Quote:

Originally Posted by gerbick (Post 1526458)
Great, just great. All of this time, absolutely little to no focus on security. Worse even, the patches will come slowly since it's Samsung.

My gut feeling about that shiny package at the store is sated,
and I am a bit startled about the security aspect.

Quote:

, it's the Holy Grail for a hacker who can abuse it.

"You can update a Tizen system with any malicious code you want," he says.
Makes me want to make a ranking system,
perhaps I should get off my lazy chair and start a new thread.
(surely someone else has done exactly this somewhere else
that I simply have not seen yet...?)

Please feel free to expand revise copy paste or whatever:


Phone OS rated = security * flexibility)
on scales of 0.0 through to +1.0

Maemo5 (= 0.9 * 0.8)

UbuntuTouch (= 0.7 * 0.5)

Apple (= 0.6 * 0.3)

Android (= 0.4 * 0.6)

Tizen (= 0.2 * 0.1)

Somewhere there should be supporting evidence,
but only if this ends up in a proper thread of its own...

juiceme 2017-04-05 04:52

Re: A security researcher has found 40 unknown zero-day vulnerabilities in Tizen, the operating system that runs on millions of Samsung products.
 
Quote:

Originally Posted by theonelaw (Post 1526461)
Phone OS rated = security * flexibility)
on scales of 0.0 through to +1.0

Maemo5 (= 0.9 * 0.8)

UbuntuTouch (= 0.7 * 0.5)

Apple (= 0.6 * 0.3)

Android (= 0.4 * 0.6)

Tizen (= 0.2 * 0.1)

Is this just guessing (what we call pulling numbers out of a Stetson) or do you have some thought-out evidence for the ratings?
I am critizising mainly the value 0.9 you assign to Maemo (since I really don't know anything about the others, never used them)

Maemo devices are fairly easy to break into, so the value seems tad high to me.

theonelaw 2017-04-05 05:15

Re: A security researcher has found 40 unknown zero-day vulnerabilities in Tizen, the operating system that runs on millions of Samsung products.
 
Quote:

Originally Posted by juiceme (Post 1526463)
Is this just guessing (what we call pulling numbers out of a Stetson)

Yep, Hoss,
just chewing the cud on my way back to the ranchhouse.
Throw the numbers on the barn door and see what sticks,
leaving the nitty-gritty for those who have the proper knowledge.

As for Maemo, simply adjust downward accordingly
as necessary. :D

We can hack the n900 surely, (I just started somewhere is all)
but does it come pre-hacked like the latest Android or Tizen ?
Those things come out of the giftwrapped box :eek:
stuffed like Thanksgiving turkey with more holes than Swiss cheese.

I am no expert in this,
(hoping a genuine expert steps up to do the dirty work)
but I have brief experience+ exposure to Android and iPhone.
I use an Android as a dummy modem, :confused:
but am retasking my Ubuntu to do that as it is such a stupid device.

Using Android is like
carrying around a set of crosshairs on your back,
but the Ubuntu is not vastly better (having few bad habits on GSM).
Maemo is completely under the radar however.
The providers don't hack it because it is so out of spectrum.
I have even gotten some very curious approaches by staff
about using it here.

I have already been tagged by certain people and gotten
a couple of services blocked in one region for using Ubuntu.
They named a server after my email address in a different locale,
which was funny/cute (different story altogether),
but there they did not exhibit the raw hostility I see these days.
The kinds of backflip handstands (like blocking github ?!?!)
we see here every week is enough to generate some concern.

Tizen may be more secure on the local side (guessing again)
whereas Android may be gelded by the local Google servers,
which are in the hands of entities I shall not talk about here.

But what can someone else kick into this anecdote bonfire ?

If anyone else is interested
maybe we should trot this colt over to a new thread?

cheers,
from what seems to be slowly morphing into
"one of the most unpleasant films of the year" :(

kinggo 2017-04-05 10:01

Re: A security researcher has found 40 unknown zero-day vulnerabilities in Tizen, the operating system that runs on millions of Samsung products.
 
Quote:

Originally Posted by gerbick (Post 1526458)
Great, just great. All of this time, absolutely little to no focus on security. Worse even, the patches will come slowly since it's Samsung.

if even that...... They have to sell all that new junk they made. Their new TVs (QLED :rolleyes: ) cost way more then last year 7-8-9 series and are equal or worse in many aspects. But it looks that they managed to patch this type of holes
http://www.avsforum.com/forum/attach...5&d=1469753109

chilango 2017-04-05 15:28

Re: A security researcher has found 40 unknown zero-day vulnerabilities in Tizen, the operating system that runs on millions of Samsung products.
 
Maybe take a look at samygo.tv

kinggo 2017-04-05 18:14

Re: A security researcher has found 40 unknown zero-day vulnerabilities in Tizen, the operating system that runs on millions of Samsung products.
 
http://www.gsmarena.com/newscomm-24387.php
now, if they spent that on actual R&D, QC and SW developers maybe they would be more than just makers of mediocre shiny plastic crap. Where quality stops, marketing begins.

t-b 2017-04-05 19:19

Re: A security researcher has found 40 unknown zero-day vulnerabilities in Tizen, the operating system that runs on millions of Samsung products.
 
Talk from Brian Lunduke about IoT. He could have probably made the case in a couple of minutes and he made some extraordinary claims but still (or probably because of that) quite entertaining. Seems on topic.

https://www.youtube.com/watch?v=304Lcn0nU3c

wicket 2017-07-12 15:06

Re: A security researcher has found 40 unknown zero-day vulnerabilities in Tizen, the operating system that runs on millions of Samsung products.
 
In related news...

27 000 errors in the Tizen operating system

It's a shame really. It doesn't seem like Tizen will ever be a viable alternative. If I want a decent phone OS, I've got to make it myself. :/


All times are GMT. The time now is 13:24.

vBulletin® Version 3.8.8