Tizen, the operating system that runs on Samsung’s connected devices like televisions and smartwatches, is plagued by a number of dangerous security vulnerabilities, according to a report from Motherboard.
Amihai Neiderman, the head of security research at Equus Software in Israel, reported that Samsung’s in-house operating system suffers from more than 40 zero-day vulnerabilities, flaws that have not yet been disclosed or patched by Samsung. Cris Thomas (aka Space Rogue), Strategist at Tenable Network Security, commented below.
Cris Thomas (aka Space Rogue), Strategist at Tenable Network Security:
“Ensuring security is built into these devices early on is critical; however, the challenge for device manufacturers is balancing speed, cost and quality. Both consumer and enterprise buyers want the best quality, and they want it now. To meet those demands, manufacturers must streamline the development process, and oftentimes this includes reusing technologies, or not building security into the product in the first place. Consequently, defects are passed down from one generation to the next.
“Organizations need to be vigilant and take control of their security, instead of waiting for the next patch to be pushed out. Given the long lifespan of these and other IoT devices, people may forget about the problem months down the road and plug them back into the network, leaving them vulnerable again, so it’s important to think long-term. This means knowing what’s on your network, knowing all of the vulnerabilities, actively searching for malware and signs of compromise, and prioritizing actions to immediately reduce your exposure and cyber risk.
“Right now users should not connect the TVs to the network, including wifi, and should keep an eye out for the patches, and apply them as soon as possible. However, in order to be truly secure, businesses need to think long-term, understand their exposure and take steps to reduce overall cyber risk to the organization.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.