According to a security researcher, Samsung’s Tizen operating system is laden with as many as 27,000 bugs. That said, sources suggest that the Korean electronics giant has apparently slammed his findings.
Andrey Karpov, CTO of Program Verifications Systems, said he started scanning for bugs in Tizen OS using PSV Studio. He found around 900 bugs in just 3.3 percent of the operating system’s code, following which he stopped searching for bugs before even looking at the full code. All in all, Karpov suggests that the OS might be laden with no less than 27,000 errors.
“In total, I analyzed more than 2 400 000 lines of code (excluding comments). I detected 900 errors. The whole Tizen project with the third-party libraries has 72 500 000 lines of C, C++ code (excluding the comments). That means that I checked only 3.3% of the code. Estimation: (72500000 * 900/2400000 = 27187). Using PVS-Studio, we can detect and fix 27 000 errors,” told Karpov.
That said, Karpov also notes that 27,000 does not necessarily mean the OS has 27,000 vulnerabilities. However, some of them could be deemed as flaws as Karpov said he discovered 52 entries where private data isn’t cleared.
“When private data will remain somewhere in memory and then someone will use it,” he explained.
Furthermore, Karpov also stated he tried to contact Samsung earlier this year to report his findings. However, security experts at Samsung couldn’t care less about his findings and refused to investigate. In response, a Samsung official said they already have their own internal bug hunting program which is always on alert.
“We currently have our own static analysis tool and run it regularly for Tizen. However, we don’t agree with that Tizen has 27,000 defects that should be fixed, even though Karpov claims he has offered to help Samsung’s engineers look into the bugs he discovered,” Samsung’s Youil Kim said in a statement.
Tizen is a Linux-based open-source operating system used in a wide range of Samsung products such as smartphones, tablets, smart TVs, smart watches, cameras, and PCs.
And this isn’t the first time Tizen has been accused of having flaws in its code. As earlier this year, security researcher Amihai Neiderman, claims the presence of 40 zero-day vulnerabilities in Tizen. He said that Tizen isn’t fine-tuned enough right now and not really ready for commercial use.