The Tizen Attack Surface presented at AVAR 2014

by Irfan Asrar,

Summary : Tizen is an open source operating system designed for multiple computing platforms such as smartphones, wearable devices, In-vehicle infotainment (IVI), smart TV etc. Tizen provides applications developers with an extensive web/native API set that includes access to hardware, settings, and user data. Access to privacy/security relevant parts of the API is controlled with an install-time application permission system as well a post install user defined privacy filter. However, giving users the ability to install third-party applications as well as side load apps poses serious security concerns.
Tizen comes at a time when the threat against mobile computing grows in tandem with the popularity of mobile devices. Compared to Android, iOS and Blackberry, Tizen offers multiple options within the framework structure to combat the rise in malware targeting mobile devices. This talk will examine the depth of these innate options and their ability to counteract malware and privacy threats. This talk will also review the inner working of the operating system, the application framework as well as techniques to reverse engineer applications written for the Tizen platform.
Finally we will also talk about the security review/mechanisms used by Tizen App store to screen apps to detect malware/malicious apps.