Breaking Tizen presented at t2 2017

by Amihai Neiderman

Summary: Tizen is Samsung's newest OS for its devices and considered by them as the operating system of everything, aiming to run on every device from simple IoT, mobile phones, televisions to even... cars.
Over the last few months I observed that Samsung is laying the groundwork for a larger expansion of Tizen in the mobile world. It appeared that Samsung is adding more servers and more infrastructure to support an upcoming growth in the number of Tizen users worldwide and is planning to expand to new markets.
I then decided to start researching Tizen due to the fact that it seems that nobody is doing it! The Tizen mobile firmware was obtained pretty quickly, and from a thorough investigation it seems that Samsung hasn't learned anything from the publications about 0days in the past few years. The code is not designed with security in mind and is not up to any modern security standards (you can find strcpy, memcpy, sprintf almost anywhere, and always to fixed-size buffers). During the course of a few days I found over 40 different vulnerabilities in Tizen - some logical and some just classic (really classic!) memory corruption bugs. Almost every system app is vulnerable.
My name is Amihai Neiderman, 27 years old. I have worked with computers for the last 20 years, doing everything from high-level programming to bare-metal electronics. I've always programmed for fun and problem solving and eventually found myself in the world of information security after finding "bugs" in websites competing with my own. For the past 8 years I have mostly done vulnerability research in Windows, Linux and various embedded devices.
Today I work as a security researcher for Azimuth Security.