Geekzone: technology news, blogs, forums


vyfster

67 posts

Master Geek


#223637 10-Oct-2017 10:41

Morning all

 

I have a Sony Xperia Z3 mobile phone, less than 3 years old, that no longer gets updates and is therefore vulnerable to BlueBorne. It appears Sony are not going to provide a security update for this device. I have contacted the retailer who sold me the phone to find out about a CGA claim. All I really want is an updated firmware as there is nothing wrong with this phone. Their response is as follows:

 

"We do not believe at [retailer] that your device vulnerability is covered by the Consumer Guarantees Act as it is the Hardware which we retail and software comes from the manufacturer. The fact the manufacturer, Sony, no longer gives security patch and software updates is because they believe your device to be old technology and it is out of the manufacturer’s warranty of 2 years."

 

"From the website, you gave us it appears all Bluetooth devices are vulnerable to this virus so the only way forward would be, as [..] suggested, not to turn on your Bluetooth or upgrade to a newer device which is able to have security patch and software updates to protect. This upgrade would be at your cost."

 

It would appear to me that the vulnerability is not really understood as they seem to think that it is a virus. They also seem to think that Bluetooth is software and that an anti-virus should protect me - from a phone conversation I had with them. I think that it is absurd to suggest that I turn off Bluetooth if I don't want to be vulnerable to BlueBorne and think that that is a valid solution to this, as I lose functionality that I use often by turning off Bluetooth (I have turned it off but this shouldn't be the solution). I shouldn't have to upgrade to a new device every year just to get updates. This was a premium phone at the time!

 

What is the general consensus here?  Do I have a case for a CGA claim?  If so, how do I go about it?

 

Thanks.


Linux
11161 posts

Uber Geek

Trusted
Lifetime subscriber

  #1880258 10-Oct-2017 10:44

I agree with the retailer, not CGA related at all. The phone is still working and doing its job

 

Linux


 
 
 

dejadeadnz
2394 posts

Uber Geek
Inactive user


  #1880260 10-Oct-2017 10:57

Given the age of the device and even if there is a security vulnerability, the relatively low chances of one materialising on the user etc, and the sheer commercial realities of having to provide on-going updates (and the well-documented difficulties of actually doing so for Android manufacturers), any retailer or manufacturer will fight this like heck. You can go to the DT and try your luck but apart from the clearest of cases, going to the DT is a bit of a coin toss. And this comes from a RL lawyer and person experienced in advising on CGA and statutory compliance issues.

 

Cut your losses.

 

 

 

 


michaelmurfy
meow
13163 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #1880264 10-Oct-2017 11:09

Agreed here - I think it is time for a phone upgrade. Your phone has served you well for a reasonable amount of time.





Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Opinions are my own and not the views of my employer.




MurrayM
2440 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1880265 10-Oct-2017 11:16
vyfster

67 posts

Master Geek


  #1880273 10-Oct-2017 11:55

Ok, not the answers I wanted to hear but I guess I'll have to cut my losses. 

 

Linux:

 

I agree with the retailer, not CGA related at all. The phone is still working and doing its job

 

Linux

 

 

My argument is that disabling a feature on the phone is not the phone working as it should be.  You buy a car with an infotainment feature.  Would your argument be that the car still works so the infotainment feature doesn't need to?

 

Thanks @dejadeadnz.  I'll take that advice and cut my losses - not that I want to.

 

michaelmurfy:

 

Agreed here - I think it is time for a phone upgrade. Your phone has served you well for a reasonable amount of time.

 

 

"reasonable amount of time" is subjective.  Time for an upgrade?  Really?  I don't chase latest models and don't replace "just because".  The device is fine bar the vulnerability that is patched in Android.  Just not for my device.

 

Thanks @MurrayM.  Didn't see that but then it is from 5 years back.

 

 

 

 


Linux
11161 posts

Uber Geek

Trusted
Lifetime subscriber

  #1880274 10-Oct-2017 11:57

If you turn that feature on called 'Bluetooth' it's still working as designed and still does its job!

 

My Samsung S8 plus (under 6 months old) still has not got the BlueBorne patch

 

Linux


vyfster

67 posts

Master Geek


  #1880276 10-Oct-2017 12:02

Linux:

 

If you turn that feature on called 'Bluetooth' it's still working as designed and still does its job!

 

 

This is the crux of my argument.  That feature is not working as designed.  It has a major flaw in it.  A flaw that exposes the device to a major vulnerability. 




Linux
11161 posts

Uber Geek

Trusted
Lifetime subscriber

  #1880283 10-Oct-2017 12:08

vyfster:

 

Linux:

 

If you turn that feature on called 'Bluetooth' it's still working as designed and still does its job!

 

 

This is the crux of my argument.  That feature is not working as designed.  It has a major flaw in it.  A flaw that exposes the device to a major vulnerability. 

 

 

That flaw has always been there, you have just not known about it till it reached the media, and you purchased the handset with that flaw, but as advised by yourself Bluetooth still works

 

Linux


vyfster

67 posts

Master Geek


  #1880294 10-Oct-2017 12:19

Linux:

 

That flaw has always been there, you have just not known about it till it reached the media, and you purchased the handset with that flaw, but as advised by yourself Bluetooth still works

 

 

I thought the whole point of the CGA was to cater for devices that had defects / flaws in them?  Defects / flaws are usually only found after purchase otherwise they wouldn't be purchased in the first place.

 

I've tried to think of an analogy that gets where my thinking is coming from. All I can come up with ATM is (I don't think it is a particularly good one, but here goes) - if you buy a lock, you would expect only the set of keys that come with that lock to be able to lock / unlock it. However, after the fact, it comes to light that a certain procedure renders the lock useless in that it can be easily unlocked. The lock still works "as designed". You can still use your key to lock / unlock the lock. It just so happens that others can too. Do you happily continue using your lock?

 

I guess we'll just have to agree to disagree on this :)


CYaBro
4517 posts

Uber Geek

ID Verified
Trusted

  #1880309 10-Oct-2017 12:32

I had a similar talk with a colleague here at work.

 

He bought a brand new Mazda 3 about 18 months ago, and one of the nice features of the entertainment system was the built in Pandora support.

 

Now that Pandora is no longer available in NZ he must be able to get a replacement car surely?! :)

 

 





Opinions are my own and not the views of my employer.


vyfster

67 posts

Master Geek


  #1880319 10-Oct-2017 12:42

CYaBro:

 

I had a similar talk with a colleague here at work.

 

He bought a brand new Mazda 3 about 18 months ago, and one of the nice features of the entertainment system was the built in Pandora support.

 

Now that Pandora is no longer available in NZ he must be able to get a replacement car surely?! :)

 

 

The difference here is that Pandora is a third party / external service.  It has nothing to do with the functioning of the entertainment system - other than integration with an external provider.  So no, no new car expected under this circumstance.  However, if integration with Pandora was such that the entertainment system no longer functioned then I would argue that the software would need to be patched so that it is functional.  

 

I don't believe this to be the same thing as having to switch off a feature of the device in order for the device to be secure.


vyfster

67 posts

Master Geek


  #1880325 10-Oct-2017 12:55

vyfster:

 

CYaBro:

 

I had a similar talk with a colleague here at work.

 

He bought a brand new Mazda 3 about 18 months ago, and one of the nice features of the entertainment system was the built in Pandora support.

 

Now that Pandora is no longer available in NZ he must be able to get a replacement car surely?! :)

 

 

The difference here is that Pandora is a third party / external service.  It has nothing to do with the functioning of the entertainment system - other than integration with an external provider.  So no, no new car expected under this circumstance.  However, if integration with Pandora was such that the entertainment system no longer functioned then I would argue that the software would need to be patched so that it is functional.  

 

I don't believe this to be the same thing as having to switch off a feature of the device in order for the device to be secure.

 

 

Actually let's turn that on its head. What if the integration with a third party was done so poorly that when the third party is no longer in business the entertainment center stopped working. And what if the Mazda said they are not updating it because the 4 year old car is out of its 3 year warranty. What would the expectation be then?


throbb
675 posts

Ultimate Geek


  #1880329 10-Oct-2017 13:05

vyfster:

 

Linux:

 

That flaw has always been there, you have just not known about it till it reached the media, and you purchased the handset with that flaw, but as advised by yourself Bluetooth still works

 

 

I thought the whole point of the CGA was to cater for devices that had defects / flaws in them?  Defects / flaws are usually only found after purchase otherwise they wouldn't be purchased in the first place.

 

I've tried to think of an analogy that gets where my thinking is coming from. All I can come up with ATM is (I don't think it is a particularly good one, but here goes) - if you buy a lock, you would expect only the set of keys that come with that lock to be able to lock / unlock it. However, after the fact, it comes to light that a certain procedure renders the lock useless in that it can be easily unlocked. The lock still works "as designed". You can still use your key to lock / unlock the lock. It just so happens that others can too. Do you happily continue using your lock?

 

I guess we'll just have to agree to disagree on this :)

 

 

You might not continue to use the lock as it's not as secure as it once was, but you wouldn't be able to return it to a store using the CGA unless the product guaranteed it was unpickable/hackable or whatever.

 

 


michaelmurfy
meow
13163 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #1880344 10-Oct-2017 13:45

You've also got to remember there are millions of devices out there vulnerable to something (for example smart TVs) that will not be getting security patches. There are also millions (maybe billions) of phones / devices vulnerable to BlueBorne.

 

Your phone has reached end of life by the manufacturer. You're still however free to flash it with your own custom ROM to extend its life (and stay up to date with security patches) if you desire - the Z3 has a good modding community still. A very popular OS distribution is Lineage OS (Link) which will patch the BlueBorne vulnerability in the process.





Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Opinions are my own and not the views of my employer.


vyfster

67 posts

Master Geek


  #1880349 10-Oct-2017 13:52

michaelmurfy:

 

You've also got to remember there are millions of devices out there vulnerable to something (for example smart TVs) that will not be getting security patches. There are also millions (maybe billions) of phones / devices vulnerable to BlueBorne.

 

Your phone has reached end of life by the manufacturer. You're still however free to flash it with your own custom ROM to extend its life (and stay up to date with security patches) if you desire - the Z3 has a good modding community still. A very popular OS distribution is Lineage OS (Link) which will patch the BlueBorne vulnerability in the process.

 

 

Awesome, thanks for the link!  I wasn't aware of Lineage.  Will look into it.

 

I think that when it comes to security, manufacturers should be made to be responsible for what they produce. If not, then best case, everything just becomes another node in a botnet. At worst, who knows what information you lose. Identity theft, bank account cleaned out, who knows what else. Maybe I'm just paranoid or maybe I'm not paranoid enough!?

