Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9
2934 posts

Uber Geek
+1 received by user: 278


  Reply # 1880350 10-Oct-2017 13:56
Send private message

vyfster:

 

CYaBro:

 

I had a similar talk with a colleague here at work.

 

He bought a brand new Mazda 3 about 18 months ago, and one of the nice features of the entertainment system was the built in Pandora support.

 

Now that Pandora is no longer available in NZ he must be able to get a replacement car surely?! :)

 

 

The difference here is that Pandora is a third party / external service.  It has nothing to do with the functioning of the entertainment system - other than integration with an external provider.  So no, no new car expected under this circumstance.  However, if integration with Pandora was such that the entertainment system no longer functioned then I would argue that the software would need to be patched so that it is functional.  

 

I don't believe this to be the same thing as having to switch off a feature of the device in order for the device to be secure.

 

 

 

 

Except that if you had told the sales person that Pandora was the reason you were buying that car, and they said yes this car has Pandora, and now that feature no longer exists, then what?







67 posts

Master Geek
+1 received by user: 9


  Reply # 1880353 10-Oct-2017 14:05
Send private message

CYaBro:

 

 Except that if you had told the sales person that Pandora was the reason you were buying that car, and they said yes this car has Pandora, and now that feature no longer exists, then what?

 

 

I honestly don't see this as being the same.  One is integration with a third party supplying a service and the other is a feature of the device / OS.  The manufacturer has no say / control over how that service provider operates.  But they do have control over the functioning of the features within their devices.


685 posts

Ultimate Geek
+1 received by user: 189


  Reply # 1880354 10-Oct-2017 14:08
Send private message

Do phones have user licenses attached to cover use of the operating system? I think my Apple does, but to be honest, its part of the set up process that is usually skipped (who reads those things anyway).

 

If there is, I suspect that there are appropriate disclaimers within said user license that would specifically indemnify the phone manufacturer and operating system developer from liability by someone creating an exploit.


Meow
7540 posts

Uber Geek
+1 received by user: 3650

Moderator
Trusted
Lifetime subscriber

  Reply # 1880355 10-Oct-2017 14:16
Send private message

vyfster:

 

Awesome, thanks for the link!  I wasn't aware of Lineage.  Will look into it.

 

I think that when it comes to security, manufacturers should be made to be responsible for what they produce.  If not, then best case, everything just becomes another node in a botnet.  At worst, who know what information you lose.  Identity theft, bank account cleaned out, who knows what else.  Maybe I'm just paranoid or maybe I'm not paranoid enough!?

 

I do completely see your point but my phone was patched rather quickly too (OnePlus 5) so I was only stressing for a few weeks. I just don't think it is a CGA issue. I do also agree with major high visibility vulnerabilities that more companies should take responsibility but on the flipside of that there are phones that people are still using (older iPhones) that will remain unpatched and vulnerable. Companies have to draw a line at some point and will likely have usage stats of each device otherwise they'll be forced to keep paying staff (and for infrastructure) to package and release updates to phones technically beyond their shelf life.

 

But with Android you almost always have options with third party firmware and companies like Sony often make it easy to flash these since it is still your device. Also some people are stupid to the point a security update wouldn't fix them downloading pirated apps from third party sources bundled with malware (Link).

 

Android is a great platform but unless if you're buying direct from Google you can almost expect your updates to slow down after a single year which is why I always check out XDA before buying a phone to ensure there is an active community working on third party roms.





14123 posts

Uber Geek
+1 received by user: 1796


  Reply # 1882162 11-Oct-2017 23:01
Send private message

CYaBro:

 

I had a similar talk with a colleague here at work.

 

He bought a brand new Mazda 3 about 18 months ago, and one of the nice features of the entertainment system was the built in Pandora support.

 

Now that Pandora is no longer available in NZ he must be able to get a replacement car surely?! :)

 

 

 

 

 

 

That doesn't stop you driving the car though, and it could be replaced with something else in the future via a software update. Also it is a third party service.  Hopefully they are going to add apple carplay to it, because I find the infosystem not great, and laggy, and I also found the pandora app on it crashy. Also can't you still access Pandora if you use something like getflix?

 

However bluetooth also isn't really needed to use the phone either. 




67 posts

Master Geek
+1 received by user: 9


  Reply # 1882323 12-Oct-2017 10:06
Send private message

mattwnz:

 

However bluetooth also isn't really needed to use the phone either. 

 

 

You do realise that a mobile phone is more than just a phone nowadays?  I take it you don't use hands free when driving?  What about using bluetooth earphones?  Or streaming to a media player via bluetooth from the mobile mini computer that is capable of making calls?  I also use it to connect my garmin heartrate monitor, via bluetooth, when out running / working out.

 

It's not needed to make calls (unless using hands free), but it is a feature of the mobile device (that is not only a phone).  IMHO all features should work and be free of defects for the mobile device.


3221 posts

Uber Geek
+1 received by user: 1802

Trusted
Lifetime subscriber

  Reply # 1882324 12-Oct-2017 10:09
2 people support this post
Send private message

Defect and vulnerability are two different things and still don't beleive you have a case zero , zip , nada

 

Linux





Ex JohnR VodafoneNZ 17 years 4 days

26647 posts

Uber Geek
+1 received by user: 6151

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  Reply # 1882332 12-Oct-2017 10:24
One person supports this post
Send private message

In all seriousness you need to do two things - either commit some serious money to trying to take on every corporate in NZ who will certainly lawyer up or build a bridge and move on.

 

All products have a lifespan. The Z3 is now an end of life unsupported device that is now 3 years old. Sony are one of the best manufacturers out there when it comes to updates, and they are supporting all phones with updates for around 2 years. This is well beyond that many phone manufacturers are doing.

 

Are you prepared to pay 2-3x the price you do for a phone if a manufacturer was forced to provide software updates for an infinite period for every device they've ever made?

 

As for the actual issue itself maybe you need to weight up the risk of it actually occurring vs the risk of everything else in life. From a risk analysis point of view there is a significantly greater chance of you being hit by a bus today than having your phone hacked. Tomorrow the chances of you being diagnosed as having cancer will be significantly greater than having your phone hacked. 

 

 




67 posts

Master Geek
+1 received by user: 9


  Reply # 1882333 12-Oct-2017 10:25
Send private message

Linux:

 

Defect and vulnerability are two different things and still don't beleive you have a case zero , zip , nada

 

 

I accept that you don't believe I have a case.  I have taken the advice to cut my losses, which I'll do.  However, I don't accept that vulnerabilities are not defects.  I don't understand why security isn't seen as an important "feature" of the mobile device.  Especially since we seem to be storing more and more data on our mobile devices.  We also use them to do banking when out and about.  And then there's Android Pay which stores credit card information. 

 

To my mind, the vulnerability is a defect in the software and therefore should be considered as such - a defect.  And no, it doesn't operate as intended as I'm sure the intention wasn't to expose the device to vulnerabilities in this way.


2171 posts

Uber Geek
+1 received by user: 657

Subscriber

  Reply # 1882336 12-Oct-2017 10:33
Send private message

I have to ask...did you seriously think you would make any progress on this as a genuine issue, or were you just trying it on to get a new phone?




67 posts

Master Geek
+1 received by user: 9


  Reply # 1882338 12-Oct-2017 10:35
Send private message

sbiddle:

 

In all seriousness you need to do two things - either commit some serious money to trying to take on every corporate in NZ who will certainly lawyer up or build a bridge and move on.

 

 

I have built a bridge and have moved on.  I'm pretty sure I have said as much too.  I am debating the points people are raising, which I thought was one of the reasons for having a forum?

 

sbiddle:

 

All products have a lifespan. The Z3 is now an end of life unsupported device that is now 3 years old. Sony are one of the best manufacturers out there when it comes to updates, and they are supporting all phones with updates for around 2 years. This is well beyond that many phone manufacturers are doing.

 

Are you prepared to pay 2-3x the price you do for a phone if a manufacturer was forced to provide software updates for an infinite period for every device they've ever made?

 

 

Apple support their devices for 5 years.  Why should Android phones be any different?

 

sbiddle:

 

As for the actual issue itself maybe you need to weight up the risk of it actually occurring vs the risk of everything else in life. From a risk analysis point of view there is a significantly greater chance of you being hit by a bus today than having your phone hacked. Tomorrow the chances of you being diagnosed as having cancer will be significantly greater than having your phone hacked.  

 

 

 

Until someone turns this vulnerability into a worm where all infected devices infect other devices around them.  Also, you wouldn't necessarily know if someone were to take advantage of this vulnerability.  

 

So to be clear - I have taken the advice and am not interested in lodging a CGA claim.  But I am interested in understanding why people don't seem to place much value in the security of a device.  Any device for that matter.  Given the explosion of IoT devices, this (security) should be priority number one, but unfortunately it isn't.  And if manufacturers are not spanked for it, then they'll continue to ignore it.

 

 




67 posts

Master Geek
+1 received by user: 9


  Reply # 1882343 12-Oct-2017 10:38
Send private message

lxsw20:

 

I have to ask...did you seriously think you would make any progress on this as a genuine issue, or were you just trying it on to get a new phone?

 

 

I'm not interested in getting a new phone.  There is nothing wrong with my phone.  I would've been happy with a firmware update that addressed this vulnerability. 

 

To me, this is a genuine issue because I lose a feature that I use all the time by having to turn off bluetooth.

 

I'd also like to point to the title - I was asking for advice and to get a general consensus on whether I had a case or not.  


579 posts

Ultimate Geek
+1 received by user: 374


  Reply # 1882357 12-Oct-2017 10:55
Send private message

IMHO having import information in a portable or connected device is inherently risky. People who are hyper concerned about security need to be mindful of what data is on their phones in the first place, and possibly shouldn't use a smart phone at all. An OS vulnerability is one thing but is it really your primary security concern?

 

Phones get physically stolen and lost every day and you are consequently vulnerable to loss of data and thief of valuable/compromising information. I know no one who has been hacked via bluetooth but many people who have physically lost their phones. Once a lost phone has been disconnected from data services, and a hacker physically has your phone (it could be moths later) there is nothing you can do to stop them having their wicked way with your data.

 

If your phone gets hacked or ends up as a node in a bot net and you have no valuable info on it - mhhha? Shrug it off and you can probably do a factory reset to get rid of the problem. 

 

 


Meow
7540 posts

Uber Geek
+1 received by user: 3650

Moderator
Trusted
Lifetime subscriber

3091 posts

Uber Geek
+1 received by user: 926

Trusted
Lifetime subscriber

  Reply # 1882362 12-Oct-2017 10:59
One person supports this post
Send private message

vyfster: Maybe I'm just paranoid or maybe I'm not paranoid enough!?

My thoughts are closely aligned with what @sbiddle has said. The chances of an actual attack (whether bluebourne or bluesnarf etc) are exceptionally low. Your phone will have either a class 1 or class 2 Bluetooth radio - most likely class 2, so any attacker would need to be within 10 metres of you to initiate an attack and remain within 10 metres of you for the duration.

Tbh - swiping down on the status bar and turning Bluetooth off when you're not using it is hardly onerous and good for your battery life. I'd suggest getting into this habit is a reasonable solution to your 'problem'.

Modding, a-la the suggestion from USS @michaelmurfy, is another possibility as is the purchase of a different phone. A different phone could encompass something such as a second hand Nexus which won't be as expensive as a new phone but will have patches available, if not already installed.

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Hawaiki Transpacific cable ready-for-service
Posted 20-Jul-2018 11:29


Microsoft Dynamics 365 Business Central launches
Posted 10-Jul-2018 10:40


Spark completes first milestone in voice platform upgrade
Posted 10-Jul-2018 09:36


Microsoft ices heated developers
Posted 6-Jul-2018 20:16


PB Technologies charged for its extended warranties and warned for bait advertising
Posted 3-Jul-2018 15:45


Almost 20,000 people claim credits from Spark
Posted 29-Jun-2018 10:40


Cove sells NZ's first insurance policy via chatbot
Posted 25-Jun-2018 10:04


N4L helping TAKA Trust bridge the digital divide for Lower Hutt students
Posted 18-Jun-2018 13:08


Winners Announced for 2018 CIO Awards
Posted 18-Jun-2018 13:03


Logitech Rally sets new standard for USB-connected video conference cameras
Posted 18-Jun-2018 09:27


Russell Stanners steps down as Vodafone NZ CEO
Posted 12-Jun-2018 09:13


Intergen recognised as 2018 Microsoft Country Partner of the Year for New Zealand
Posted 12-Jun-2018 08:00


Finalists Announced For Microsoft NZ Partner Awards
Posted 6-Jun-2018 15:12


Vocus Group and Vodafone announce joint venture to accelerate fibre innovation
Posted 5-Jun-2018 10:52


Kogan.com to launch Kogan Mobile in New Zealand
Posted 4-Jun-2018 14:34



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.