Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsOff topicBlueBourne - CGA Claim advice
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | ... | 9
MikeAqua
7773 posts

Uber Geek


  #1882363 12-Oct-2017 11:00
Send private message

A supported life of 2 -3 years from a phone does seem very short.  My last phone cost ~$1,000.

 

I can't think of another situation where I would accept a service life of 2 - 3 years for something that expensive.

 

I would rather see manufacturers and retailers invest in firmware for longer than invest in tacky bloat-ware - 90% of which I'm going to disable the day I get my new phone. 




Mike



vyfster

67 posts

Master Geek


  #1882473 12-Oct-2017 15:02
Send private message

tripper1000:

 

IMHO having import information in a portable or connected device is inherently risky. People who are hyper concerned about security need to be mindful of what data is on their phones in the first place, and possibly shouldn't use a smart phone at all. An OS vulnerability is one thing but is it really your primary security concern?

 

Phones get physically stolen and lost every day and you are consequently vulnerable to loss of data and thief of valuable/compromising information. I know no one who has been hacked via bluetooth but many people who have physically lost their phones. Once a lost phone has been disconnected from data services, and a hacker physically has your phone (it could be moths later) there is nothing you can do to stop them having their wicked way with your data.

 

If your phone gets hacked or ends up as a node in a bot net and you have no valuable info on it - mhhha? Shrug it off and you can probably do a factory reset to get rid of the problem. 

 

 

You should probably not use a computer connected to a network either then.  Should probably turn in that work laptop too.  You can mitigate against losing your phone through being forgetful or having it stolen though.  My argument has been, turning off a feature to mitigate against a vulnerability shouldn't be seen as a solution to the problem.

vyfster

67 posts

Master Geek


  #1882475 12-Oct-2017 15:04
Send private message

michaelmurfy: @vyfster upgrade to lineage already...

 


Yep, I said I was going to.  Does that now preclude me from replying to people who are putting their POV's across?  Should I not enter into a debate to try and get my POV across?



mattwnz
20141 posts

Uber Geek


  #1882477 12-Oct-2017 15:08
Send private message

vyfster:

mattwnz:


However bluetooth also isn't really needed to use the phone either. 



You do realise that a mobile phone is more than just a phone nowadays?  I take it you don't use hands free when driving?  What about using bluetooth earphones?  Or streaming to a media player via bluetooth from the mobile mini computer that is capable of making calls?  I also use it to connect my garmin heartrate monitor, via bluetooth, when out running / working out.


It's not needed to make calls (unless using hands free), but it is a feature of the mobile device (that is not only a phone).  IMHO all features should work and be free of defects for the mobile device.




I hadn't thought of that, although I don't generally use mine in the car for calling, just plugged into the headphone jack. But that does make me wonder how many phones currently being sold, especially at the lower end of the market that will never get future updates. That I guess is one of the reasons I purchased an iPhone as apple provide support for many years. Eg an iPhone 5s came out in 2013 and gets iOS support into 2018 although this is probably the last year so that is more than 4 years. Android OS generally less than 3 quoting the pixel support life. I have a cheap Android I recently purchased but that is already running an old Android version and I suspect it won't get any patch for this.

vyfster

67 posts

Master Geek


  #1882478 12-Oct-2017 15:08
Send private message

Dratsab:
vyfster: Maybe I'm just paranoid or maybe I'm not paranoid enough!?

My thoughts are closely aligned with what @sbiddle has said. The chances of an actual attack (whether bluebourne or bluesnarf etc) are exceptionally low. Your phone will have either a class 1 or class 2 Bluetooth radio - most likely class 2, so any attacker would need to be within 10 metres of you to initiate an attack and remain within 10 metres of you for the duration.

 

 

I take it you're not caught in the Auckland rush "hours" in the morning and evening?  Driving with handsfree means bluetooth needs to be enabled.

 

Dratsab:
Modding, a-la the suggestion from USS @michaelmurfy, is another possibility as is the purchase of a different phone. A different phone could encompass something such as a second hand Nexus which won't be as expensive as a new phone but will have patches available, if not already installed.

 

Yep, I'm going to look into lineage.  I wasn't aware of it.  Thanks to @michaelmurfy for bringing it to my attention.  I have my own little project on atm so don't want to mess with my mobile device just yet, but will do so once done.

vyfster

67 posts

Master Geek


  #1882479 12-Oct-2017 15:09
Send private message

MikeAqua:

 

A supported life of 2 -3 years from a phone does seem very short.  My last phone cost ~$1,000.

 

I can't think of another situation where I would accept a service life of 2 - 3 years for something that expensive.

 

I would rather see manufacturers and retailers invest in firmware for longer than invest in tacky bloat-ware - 90% of which I'm going to disable the day I get my new phone. 

 

 

Yay!  Finally one person who might be on my side :)

vyfster

67 posts

Master Geek


  #1882481 12-Oct-2017 15:15
Send private message

I get the impression that people think I am arguing about a CGA claim.  I am not (well not really).  I asked for advice and to get a general consensus as to what people thought about the situation.  I received the advice and although not what I was wanting to hear, accept it.

 

This does not mean that I have to like it.  This does not mean that I am not going to try and convince people why I am obviously right and you are all wrong.  Quite frankly, I'm surprised it's taken so long .. ok j/k :)

 
 
 
 

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.
tripper1000
1617 posts

Uber Geek


  #1882506 12-Oct-2017 15:53
Send private message

vyfster: You should probably not use a computer connected to a network either then.  Should probably turn in that work laptop too.  You can mitigate against losing your phone through being forgetful or having it stolen though.  My argument has been, turning off a feature to mitigate against a vulnerability shouldn't be seen as a solution to the problem.

 

Yeah, gotcha on the 'shouldn't have to turn off' point.

 

The OEM has decided not to bother presumable because the risk is more theoretical than practical. The Wanna Cry attack was not theoretical at all, and M.S. came out with a patch for Windows XP, an obsolete OS, so they will act if the risk is there.

 

My point was that the risk is lower than other risks to your data.

 

If the OEM is going to leave holes in security your statement above holds true. If you want to store super important data that other people really want, it is best to isolate your computerised device from the outside world both physically and electronically. Todays news in Australia: Stuff Link

mattwnz
20141 posts

Uber Geek


  #1882562 12-Oct-2017 17:35
Send private message

vyfster:

 

I get the impression that people think I am arguing about a CGA claim.  I am not (well not really).  I asked for advice and to get a general consensus as to what people thought about the situation.  I received the advice and although not what I was wanting to hear, accept it.

 

This does not mean that I have to like it.  This does not mean that I am not going to try and convince people why I am obviously right and you are all wrong.  Quite frankly, I'm surprised it's taken so long .. ok j/k :)

 

 

 

 

I think the situation is somewhat similar to the one that Tivo customers have, where the manufacturer(their local) agent, is ceasing providing access to the server that provides the programming guide, which it needs to operate to the advertised specifications, so the hardware is no longer able to do what it is supposed to do when they turn off the server. Although in your case the hardware will still fully work, but you are at potential risk of a security hole if you do use it. If enough people complained,  and they started having to do refunds, I do wonder how quickly they would release a patch for it?

ArcticSilver
729 posts

Ultimate Geek


  #1882572 12-Oct-2017 17:58
Send private message

Without getting into too much detail I would agree with most/if not all of vyfster's points.

 

Considering this was a Z3, a flagship ($800+) phone from Sony I think 3 years should be the minimum for this sort of support. This is a bug and this should be fixed. In my mind a CGA claim is perfectly reasonable if they refuse to fix it. You have to remember they will be selling a significant number of these devices, only Sony has the economies of scale to fix this.

 

At the end of the day it was Sony's choice to use Android and Sony's choice to use the problematic code/problematic hardware. They have sold the device as a Android device with bluetooth hence it is absolutely their responsibility to ensure it works for a reasonable lifetime. The only debate here (in my mind) is weather a vulnerability is significant enough to consider it a flaw that should be fixed, I would argue that it is.

 

 

 

Turning Bluetooth off is not an acceptable solution, nor is re-flashing a different unsupported OS.

 

 

sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #1882607 12-Oct-2017 20:12
Send private message

ArcticSilver:

 

Without getting into too much detail I would agree with most/if not all of vyfster's points.

 

Considering this was a Z3, a flagship ($800+) phone from Sony I think 3 years should be the minimum for this sort of support. This is a bug and this should be fixed. In my mind a CGA claim is perfectly reasonable if they refuse to fix it. You have to remember they will be selling a significant number of these devices, only Sony has the economies of scale to fix this.

 



 

You're forgetting a company doesn't have to accept a CGA claim. If they don't your only option is court action.

 

You can guarantee without fail that any company that ended up in court on such a charge is going to be so lawyered up because the implications of losing such a ruling is so massive it's beyond comprehension. This isn't just a phone issue, it's an issue that would affect entire industries. 

 

Like the Tivo issue the reality is consumer electronics goods have a life. 

 

 

ArcticSilver
729 posts

Ultimate Geek


  #1882610 12-Oct-2017 20:20
Send private message

sbiddle:

 

You're forgetting a company doesn't have to accept a CGA claim. If they don't your only option is court action.

 

You can guarantee without fail that any company that ended up in court on such a charge is going to be so lawyered up because the implications of losing such a ruling is so massive it's beyond comprehension. This isn't just a phone issue, it's an issue that would affect entire industries. 

 

Like the Tivo issue the reality is consumer electronics goods have a life. 

 

 

 

 

This is what the disputes tribunal is for. The disputes tribunal ruling is legally binding.

 

I don't agree the issue is "massive beyond comprehension". I am only talking about a company supporting their device for a reasonable lifetime. If that device comes with software then that means the software too, if it comes without then it is without. 

 

Needless to say, I wasn't talking about the practicalities of holding a company accountable rather what our rights as customers are.

Linux
11391 posts

Uber Geek

Trusted
Lifetime subscriber

  #1882612 12-Oct-2017 20:29
Send private message

" The disputes tribunal ruling is legally binding " now that is a joke I took a guy to the disputes tribunal many years back and won and never saw 1 cent

 

Linux

ArcticSilver
729 posts

Ultimate Geek


  #1882614 12-Oct-2017 20:31
Send private message

Linux:

 

" The disputes tribunal ruling is legally binding " now that is a joke I took a guy to the disputes tribunal many years back and won and never saw 1 cent

 

Linux

 

 

That shouldn't happen, but obviously the risk of this is is much higher for individuals/small companies over larger outfits.

sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #1882619 12-Oct-2017 20:38
Send private message

ArcticSilver:

 

 

 

This is what the disputes tribunal is for. The disputes tribunal ruling is legally binding.

 

 

 

 

The implications for literally the entire manufacturing sector along with any importer of goods are so significant that you can guarantee a loss in the disputes tribunal would result in an immediate appeal.

 

The consequences of a loss in a case like this would be massive. Imagine how much you'd need to pay for a phone if manufacturers had to keep giving you a free one every 2 years when the current model was no longer supported. What happens when YouTube no longer works on your 5 year old TV because Google change their API? Will every TV manufacturer need to give away a free TV every 5 years?

 

 

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | ... | 9
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00

eero Pro 7 Review
Posted 23-Jul-2025 12:07

BeeStation Plus Review
Posted 21-Jul-2025 14:21

eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01

WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32

RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26

Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24

Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05

Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01

Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01

Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22

Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46

Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42

D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34

Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
GoodSync
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright