A key example is the Tizen Store. While the portal does authenticate to make sure that you're only installing approved apps, there's an exploit that lets you take control before authentication kicks in. Use that and you can send whatever malware you want to a device. Samsung is also inconsistent in its use of encryption, often forgoing that protection at the very moment it's most needed. And did we mention that many of the flaws appear to have been introduced in the past 2 years, so they weren't just inherited from legacy code?

Neiderman says he disclosed the flaws to Samsung months ago, but didn't get more than an automated response until recently. The tech giant, meanwhile, says it's "fully committed" to working with the researcher and points to its SmartTV Bug Bounty program as an example of efforts it takes to patch holes. Don't be surprised if many of the immediate vulnerabilities are fixed before long. However, the findings suggest that the company also needs to rethink the very basics of Tizen's security strategy if it's going to keep you safe going forward.