Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9
3233 posts

Uber Geek

Subscriber

  #1880350 10-Oct-2017 13:56
Send private message

vyfster:

 

CYaBro:

 

I had a similar talk with a colleague here at work.

 

He bought a brand new Mazda 3 about 18 months ago, and one of the nice features of the entertainment system was the built in Pandora support.

 

Now that Pandora is no longer available in NZ he must be able to get a replacement car surely?! :)

 

 

The difference here is that Pandora is a third party / external service.  It has nothing to do with the functioning of the entertainment system - other than integration with an external provider.  So no, no new car expected under this circumstance.  However, if integration with Pandora was such that the entertainment system no longer functioned then I would argue that the software would need to be patched so that it is functional.  

 

I don't believe this to be the same thing as having to switch off a feature of the device in order for the device to be secure.

 

 

 

 

Except that if you had told the sales person that Pandora was the reason you were buying that car, and they said yes this car has Pandora, and now that feature no longer exists, then what?




67 posts

Master Geek


  #1880353 10-Oct-2017 14:05
Send private message

CYaBro:

 

 Except that if you had told the sales person that Pandora was the reason you were buying that car, and they said yes this car has Pandora, and now that feature no longer exists, then what?

 

 

I honestly don't see this as being the same.  One is integration with a third party supplying a service and the other is a feature of the device / OS.  The manufacturer has no say / control over how that service provider operates.  But they do have control over the functioning of the features within their devices.


 
 
 
 


893 posts

Ultimate Geek


  #1880354 10-Oct-2017 14:08
Send private message

Do phones have user licenses attached to cover use of the operating system? I think my Apple does, but to be honest, its part of the set up process that is usually skipped (who reads those things anyway).

 

If there is, I suspect that there are appropriate disclaimers within said user license that would specifically indemnify the phone manufacturer and operating system developer from liability by someone creating an exploit.


/dev/null
9079 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  #1880355 10-Oct-2017 14:16
Send private message

vyfster:

 

Awesome, thanks for the link!  I wasn't aware of Lineage.  Will look into it.

 

I think that when it comes to security, manufacturers should be made to be responsible for what they produce.  If not, then best case, everything just becomes another node in a botnet.  At worst, who know what information you lose.  Identity theft, bank account cleaned out, who knows what else.  Maybe I'm just paranoid or maybe I'm not paranoid enough!?

 

I do completely see your point but my phone was patched rather quickly too (OnePlus 5) so I was only stressing for a few weeks. I just don't think it is a CGA issue. I do also agree with major high visibility vulnerabilities that more companies should take responsibility but on the flipside of that there are phones that people are still using (older iPhones) that will remain unpatched and vulnerable. Companies have to draw a line at some point and will likely have usage stats of each device otherwise they'll be forced to keep paying staff (and for infrastructure) to package and release updates to phones technically beyond their shelf life.

 

But with Android you almost always have options with third party firmware and companies like Sony often make it easy to flash these since it is still your device. Also some people are stupid to the point a security update wouldn't fix them downloading pirated apps from third party sources bundled with malware (Link).

 

Android is a great platform but unless if you're buying direct from Google you can almost expect your updates to slow down after a single year which is why I always check out XDA before buying a phone to ensure there is an active community working on third party roms.





15423 posts

Uber Geek


  #1882162 11-Oct-2017 23:01
Send private message

CYaBro:

 

I had a similar talk with a colleague here at work.

 

He bought a brand new Mazda 3 about 18 months ago, and one of the nice features of the entertainment system was the built in Pandora support.

 

Now that Pandora is no longer available in NZ he must be able to get a replacement car surely?! :)

 

 

 

 

 

 

That doesn't stop you driving the car though, and it could be replaced with something else in the future via a software update. Also it is a third party service.  Hopefully they are going to add apple carplay to it, because I find the infosystem not great, and laggy, and I also found the pandora app on it crashy. Also can't you still access Pandora if you use something like getflix?

 

However bluetooth also isn't really needed to use the phone either. 




67 posts

Master Geek


  #1882323 12-Oct-2017 10:06
Send private message

mattwnz:

 

However bluetooth also isn't really needed to use the phone either. 

 

 

You do realise that a mobile phone is more than just a phone nowadays?  I take it you don't use hands free when driving?  What about using bluetooth earphones?  Or streaming to a media player via bluetooth from the mobile mini computer that is capable of making calls?  I also use it to connect my garmin heartrate monitor, via bluetooth, when out running / working out.

 

It's not needed to make calls (unless using hands free), but it is a feature of the mobile device (that is not only a phone).  IMHO all features should work and be free of defects for the mobile device.


5890 posts

Uber Geek

Trusted
Lifetime subscriber

  #1882324 12-Oct-2017 10:09
2 people support this post
Send private message

Defect and vulnerability are two different things and still don't beleive you have a case zero , zip , nada

 

Linux


 
 
 
 


28679 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  #1882332 12-Oct-2017 10:24
One person supports this post
Send private message

In all seriousness you need to do two things - either commit some serious money to trying to take on every corporate in NZ who will certainly lawyer up or build a bridge and move on.

 

All products have a lifespan. The Z3 is now an end of life unsupported device that is now 3 years old. Sony are one of the best manufacturers out there when it comes to updates, and they are supporting all phones with updates for around 2 years. This is well beyond that many phone manufacturers are doing.

 

Are you prepared to pay 2-3x the price you do for a phone if a manufacturer was forced to provide software updates for an infinite period for every device they've ever made?

 

As for the actual issue itself maybe you need to weight up the risk of it actually occurring vs the risk of everything else in life. From a risk analysis point of view there is a significantly greater chance of you being hit by a bus today than having your phone hacked. Tomorrow the chances of you being diagnosed as having cancer will be significantly greater than having your phone hacked. 

 

 




67 posts

Master Geek


  #1882333 12-Oct-2017 10:25
Send private message

Linux:

 

Defect and vulnerability are two different things and still don't beleive you have a case zero , zip , nada

 

 

I accept that you don't believe I have a case.  I have taken the advice to cut my losses, which I'll do.  However, I don't accept that vulnerabilities are not defects.  I don't understand why security isn't seen as an important "feature" of the mobile device.  Especially since we seem to be storing more and more data on our mobile devices.  We also use them to do banking when out and about.  And then there's Android Pay which stores credit card information. 

 

To my mind, the vulnerability is a defect in the software and therefore should be considered as such - a defect.  And no, it doesn't operate as intended as I'm sure the intention wasn't to expose the device to vulnerabilities in this way.


2340 posts

Uber Geek

Subscriber

  #1882336 12-Oct-2017 10:33
Send private message

I have to ask...did you seriously think you would make any progress on this as a genuine issue, or were you just trying it on to get a new phone?




67 posts

Master Geek


  #1882338 12-Oct-2017 10:35
Send private message

sbiddle:

 

In all seriousness you need to do two things - either commit some serious money to trying to take on every corporate in NZ who will certainly lawyer up or build a bridge and move on.

 

 

I have built a bridge and have moved on.  I'm pretty sure I have said as much too.  I am debating the points people are raising, which I thought was one of the reasons for having a forum?

 

sbiddle:

 

All products have a lifespan. The Z3 is now an end of life unsupported device that is now 3 years old. Sony are one of the best manufacturers out there when it comes to updates, and they are supporting all phones with updates for around 2 years. This is well beyond that many phone manufacturers are doing.

 

Are you prepared to pay 2-3x the price you do for a phone if a manufacturer was forced to provide software updates for an infinite period for every device they've ever made?

 

 

Apple support their devices for 5 years.  Why should Android phones be any different?

 

sbiddle:

 

As for the actual issue itself maybe you need to weight up the risk of it actually occurring vs the risk of everything else in life. From a risk analysis point of view there is a significantly greater chance of you being hit by a bus today than having your phone hacked. Tomorrow the chances of you being diagnosed as having cancer will be significantly greater than having your phone hacked.  

 

 

 

Until someone turns this vulnerability into a worm where all infected devices infect other devices around them.  Also, you wouldn't necessarily know if someone were to take advantage of this vulnerability.  

 

So to be clear - I have taken the advice and am not interested in lodging a CGA claim.  But I am interested in understanding why people don't seem to place much value in the security of a device.  Any device for that matter.  Given the explosion of IoT devices, this (security) should be priority number one, but unfortunately it isn't.  And if manufacturers are not spanked for it, then they'll continue to ignore it.

 

 




67 posts

Master Geek


  #1882343 12-Oct-2017 10:38
Send private message

lxsw20:

 

I have to ask...did you seriously think you would make any progress on this as a genuine issue, or were you just trying it on to get a new phone?

 

 

I'm not interested in getting a new phone.  There is nothing wrong with my phone.  I would've been happy with a firmware update that addressed this vulnerability. 

 

To me, this is a genuine issue because I lose a feature that I use all the time by having to turn off bluetooth.

 

I'd also like to point to the title - I was asking for advice and to get a general consensus on whether I had a case or not.  


1143 posts

Uber Geek


  #1882357 12-Oct-2017 10:55
Send private message

IMHO having import information in a portable or connected device is inherently risky. People who are hyper concerned about security need to be mindful of what data is on their phones in the first place, and possibly shouldn't use a smart phone at all. An OS vulnerability is one thing but is it really your primary security concern?

 

Phones get physically stolen and lost every day and you are consequently vulnerable to loss of data and thief of valuable/compromising information. I know no one who has been hacked via bluetooth but many people who have physically lost their phones. Once a lost phone has been disconnected from data services, and a hacker physically has your phone (it could be moths later) there is nothing you can do to stop them having their wicked way with your data.

 

If your phone gets hacked or ends up as a node in a bot net and you have no valuable info on it - mhhha? Shrug it off and you can probably do a factory reset to get rid of the problem. 

 

 


/dev/null
9079 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

3523 posts

Uber Geek

Trusted
Lifetime subscriber

  #1882362 12-Oct-2017 10:59
One person supports this post
Send private message

vyfster: Maybe I'm just paranoid or maybe I'm not paranoid enough!?

My thoughts are closely aligned with what @sbiddle has said. The chances of an actual attack (whether bluebourne or bluesnarf etc) are exceptionally low. Your phone will have either a class 1 or class 2 Bluetooth radio - most likely class 2, so any attacker would need to be within 10 metres of you to initiate an attack and remain within 10 metres of you for the duration.

Tbh - swiping down on the status bar and turning Bluetooth off when you're not using it is hardly onerous and good for your battery life. I'd suggest getting into this habit is a reasonable solution to your 'problem'.

Modding, a-la the suggestion from USS @michaelmurfy, is another possibility as is the purchase of a different phone. A different phone could encompass something such as a second hand Nexus which won't be as expensive as a new phone but will have patches available, if not already installed.

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Withings launches three new devices to help monitor heart health from home
Posted 13-Feb-2020 20:05


Auckland start-up Yourcar matches new car buyers with dealerships
Posted 13-Feb-2020 18:05


School gardens go high tech to teach kids the importance of technology
Posted 13-Feb-2020 11:10


Malwarebytes finds Mac threats outpace Windows for the first time
Posted 13-Feb-2020 08:01


Amazon launches Echo Show 8 in Australia and New Zealand
Posted 8-Feb-2020 20:36


Vodafone New Zealand starts two year partnership with LetsPlay.Live
Posted 28-Jan-2020 11:24


Ring launches indoor-only security camera
Posted 23-Jan-2020 17:26


New report findings will help schools implement the digital technologies curriculum content
Posted 23-Jan-2020 17:25


N4L to upgrade & support wireless internet inside schools
Posted 23-Jan-2020 17:22


Netflix releases 21 Studio Ghibli works
Posted 22-Jan-2020 11:42


Vodafone integrates eSIM into device and wearable roadmap
Posted 17-Jan-2020 09:45


Do you need this camera app? Group investigates privacy implications
Posted 16-Jan-2020 03:30


JBL launches headphones range designed for gaming
Posted 13-Jan-2020 09:59


Withings introduces ScanWatch wearable combining ECG and sleep apnea detection
Posted 9-Jan-2020 18:34


NZ Police releases public app
Posted 8-Jan-2020 11:43



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.