Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9
4556 posts

Uber Geek
+1 received by user: 1828


  Reply # 1882363 12-Oct-2017 11:00
One person supports this post
Send private message

A supported life of 2 -3 years from a phone does seem very short.  My last phone cost ~$1,000.

 

I can't think of another situation where I would accept a service life of 2 - 3 years for something that expensive.

 

I would rather see manufacturers and retailers invest in firmware for longer than invest in tacky bloat-ware - 90% of which I'm going to disable the day I get my new phone. 





Mike



67 posts

Master Geek
+1 received by user: 9


  Reply # 1882473 12-Oct-2017 15:02
Send private message

tripper1000:

 

IMHO having import information in a portable or connected device is inherently risky. People who are hyper concerned about security need to be mindful of what data is on their phones in the first place, and possibly shouldn't use a smart phone at all. An OS vulnerability is one thing but is it really your primary security concern?

 

Phones get physically stolen and lost every day and you are consequently vulnerable to loss of data and thief of valuable/compromising information. I know no one who has been hacked via bluetooth but many people who have physically lost their phones. Once a lost phone has been disconnected from data services, and a hacker physically has your phone (it could be moths later) there is nothing you can do to stop them having their wicked way with your data.

 

If your phone gets hacked or ends up as a node in a bot net and you have no valuable info on it - mhhha? Shrug it off and you can probably do a factory reset to get rid of the problem. 

 

 

You should probably not use a computer connected to a network either then.  Should probably turn in that work laptop too.  You can mitigate against losing your phone through being forgetful or having it stolen though.  My argument has been, turning off a feature to mitigate against a vulnerability shouldn't be seen as a solution to the problem.




67 posts

Master Geek
+1 received by user: 9


  Reply # 1882475 12-Oct-2017 15:04
Send private message

michaelmurfy: @vyfster upgrade to lineage already...

 


Yep, I said I was going to.  Does that now preclude me from replying to people who are putting their POV's across?  Should I not enter into a debate to try and get my POV across?


14118 posts

Uber Geek
+1 received by user: 1795


  Reply # 1882477 12-Oct-2017 15:08
Send private message

vyfster:

mattwnz:


However bluetooth also isn't really needed to use the phone either. 



You do realise that a mobile phone is more than just a phone nowadays?  I take it you don't use hands free when driving?  What about using bluetooth earphones?  Or streaming to a media player via bluetooth from the mobile mini computer that is capable of making calls?  I also use it to connect my garmin heartrate monitor, via bluetooth, when out running / working out.


It's not needed to make calls (unless using hands free), but it is a feature of the mobile device (that is not only a phone).  IMHO all features should work and be free of defects for the mobile device.




I hadn't thought of that, although I don't generally use mine in the car for calling, just plugged into the headphone jack. But that does make me wonder how many phones currently being sold, especially at the lower end of the market that will never get future updates. That I guess is one of the reasons I purchased an iPhone as apple provide support for many years. Eg an iPhone 5s came out in 2013 and gets iOS support into 2018 although this is probably the last year so that is more than 4 years. Android OS generally less than 3 quoting the pixel support life. I have a cheap Android I recently purchased but that is already running an old Android version and I suspect it won't get any patch for this.



67 posts

Master Geek
+1 received by user: 9


  Reply # 1882478 12-Oct-2017 15:08
Send private message

Dratsab:
vyfster: Maybe I'm just paranoid or maybe I'm not paranoid enough!?

My thoughts are closely aligned with what @sbiddle has said. The chances of an actual attack (whether bluebourne or bluesnarf etc) are exceptionally low. Your phone will have either a class 1 or class 2 Bluetooth radio - most likely class 2, so any attacker would need to be within 10 metres of you to initiate an attack and remain within 10 metres of you for the duration.

 

 

I take it you're not caught in the Auckland rush "hours" in the morning and evening?  Driving with handsfree means bluetooth needs to be enabled.

 

Dratsab:
Modding, a-la the suggestion from USS @michaelmurfy, is another possibility as is the purchase of a different phone. A different phone could encompass something such as a second hand Nexus which won't be as expensive as a new phone but will have patches available, if not already installed.

 

Yep, I'm going to look into lineage.  I wasn't aware of it.  Thanks to @michaelmurfy for bringing it to my attention.  I have my own little project on atm so don't want to mess with my mobile device just yet, but will do so once done.




67 posts

Master Geek
+1 received by user: 9


  Reply # 1882479 12-Oct-2017 15:09
Send private message

MikeAqua:

 

A supported life of 2 -3 years from a phone does seem very short.  My last phone cost ~$1,000.

 

I can't think of another situation where I would accept a service life of 2 - 3 years for something that expensive.

 

I would rather see manufacturers and retailers invest in firmware for longer than invest in tacky bloat-ware - 90% of which I'm going to disable the day I get my new phone. 

 

 

Yay!  Finally one person who might be on my side :)




67 posts

Master Geek
+1 received by user: 9


  Reply # 1882481 12-Oct-2017 15:15
Send private message

I get the impression that people think I am arguing about a CGA claim.  I am not (well not really).  I asked for advice and to get a general consensus as to what people thought about the situation.  I received the advice and although not what I was wanting to hear, accept it.

 

This does not mean that I have to like it.  This does not mean that I am not going to try and convince people why I am obviously right and you are all wrong.  Quite frankly, I'm surprised it's taken so long .. ok j/k :)


579 posts

Ultimate Geek
+1 received by user: 374


  Reply # 1882506 12-Oct-2017 15:53
Send private message

vyfster: You should probably not use a computer connected to a network either then.  Should probably turn in that work laptop too.  You can mitigate against losing your phone through being forgetful or having it stolen though.  My argument has been, turning off a feature to mitigate against a vulnerability shouldn't be seen as a solution to the problem.

 

Yeah, gotcha on the 'shouldn't have to turn off' point.

 

The OEM has decided not to bother presumable because the risk is more theoretical than practical. The Wanna Cry attack was not theoretical at all, and M.S. came out with a patch for Windows XP, an obsolete OS, so they will act if the risk is there.

 

My point was that the risk is lower than other risks to your data.

 

If the OEM is going to leave holes in security your statement above holds true. If you want to store super important data that other people really want, it is best to isolate your computerised device from the outside world both physically and electronically. Todays news in Australia: Stuff Link


14118 posts

Uber Geek
+1 received by user: 1795


  Reply # 1882562 12-Oct-2017 17:35
Send private message

vyfster:

 

I get the impression that people think I am arguing about a CGA claim.  I am not (well not really).  I asked for advice and to get a general consensus as to what people thought about the situation.  I received the advice and although not what I was wanting to hear, accept it.

 

This does not mean that I have to like it.  This does not mean that I am not going to try and convince people why I am obviously right and you are all wrong.  Quite frankly, I'm surprised it's taken so long .. ok j/k :)

 

 

 

 

I think the situation is somewhat similar to the one that Tivo customers have, where the manufacturer(their local) agent, is ceasing providing access to the server that provides the programming guide, which it needs to operate to the advertised specifications, so the hardware is no longer able to do what it is supposed to do when they turn off the server. Although in your case the hardware will still fully work, but you are at potential risk of a security hole if you do use it. If enough people complained,  and they started having to do refunds, I do wonder how quickly they would release a patch for it?


672 posts

Ultimate Geek
+1 received by user: 112


  Reply # 1882572 12-Oct-2017 17:58
Send private message

Without getting into too much detail I would agree with most/if not all of vyfster's points.

 

Considering this was a Z3, a flagship ($800+) phone from Sony I think 3 years should be the minimum for this sort of support. This is a bug and this should be fixed. In my mind a CGA claim is perfectly reasonable if they refuse to fix it. You have to remember they will be selling a significant number of these devices, only Sony has the economies of scale to fix this.

 

At the end of the day it was Sony's choice to use Android and Sony's choice to use the problematic code/problematic hardware. They have sold the device as a Android device with bluetooth hence it is absolutely their responsibility to ensure it works for a reasonable lifetime. The only debate here (in my mind) is weather a vulnerability is significant enough to consider it a flaw that should be fixed, I would argue that it is.

 

 

 

Turning Bluetooth off is not an acceptable solution, nor is re-flashing a different unsupported OS.

 

 


26634 posts

Uber Geek
+1 received by user: 6135

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  Reply # 1882607 12-Oct-2017 20:12
Send private message

ArcticSilver:

 

Without getting into too much detail I would agree with most/if not all of vyfster's points.

 

Considering this was a Z3, a flagship ($800+) phone from Sony I think 3 years should be the minimum for this sort of support. This is a bug and this should be fixed. In my mind a CGA claim is perfectly reasonable if they refuse to fix it. You have to remember they will be selling a significant number of these devices, only Sony has the economies of scale to fix this.

 



 

You're forgetting a company doesn't have to accept a CGA claim. If they don't your only option is court action.

 

You can guarantee without fail that any company that ended up in court on such a charge is going to be so lawyered up because the implications of losing such a ruling is so massive it's beyond comprehension. This isn't just a phone issue, it's an issue that would affect entire industries. 

 

Like the Tivo issue the reality is consumer electronics goods have a life. 

 

 


672 posts

Ultimate Geek
+1 received by user: 112


  Reply # 1882610 12-Oct-2017 20:20
Send private message

sbiddle:

 

You're forgetting a company doesn't have to accept a CGA claim. If they don't your only option is court action.

 

You can guarantee without fail that any company that ended up in court on such a charge is going to be so lawyered up because the implications of losing such a ruling is so massive it's beyond comprehension. This isn't just a phone issue, it's an issue that would affect entire industries. 

 

Like the Tivo issue the reality is consumer electronics goods have a life. 

 

 

 

 

This is what the disputes tribunal is for. The disputes tribunal ruling is legally binding.

 

I don't agree the issue is "massive beyond comprehension". I am only talking about a company supporting their device for a reasonable lifetime. If that device comes with software then that means the software too, if it comes without then it is without. 

 

Needless to say, I wasn't talking about the practicalities of holding a company accountable rather what our rights as customers are.


3212 posts

Uber Geek
+1 received by user: 1800

Trusted
Lifetime subscriber

  Reply # 1882612 12-Oct-2017 20:29
Send private message

" The disputes tribunal ruling is legally binding " now that is a joke I took a guy to the disputes tribunal many years back and won and never saw 1 cent

 

Linux





Ex JohnR VodafoneNZ 17 years 4 days

672 posts

Ultimate Geek
+1 received by user: 112


  Reply # 1882614 12-Oct-2017 20:31
Send private message

Linux:

 

" The disputes tribunal ruling is legally binding " now that is a joke I took a guy to the disputes tribunal many years back and won and never saw 1 cent

 

Linux

 

 

That shouldn't happen, but obviously the risk of this is is much higher for individuals/small companies over larger outfits.


26634 posts

Uber Geek
+1 received by user: 6135

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  Reply # 1882619 12-Oct-2017 20:38
Send private message

ArcticSilver:

 

 

 

This is what the disputes tribunal is for. The disputes tribunal ruling is legally binding.

 

 

 

 

The implications for literally the entire manufacturing sector along with any importer of goods are so significant that you can guarantee a loss in the disputes tribunal would result in an immediate appeal.

 

The consequences of a loss in a case like this would be massive. Imagine how much you'd need to pay for a phone if manufacturers had to keep giving you a free one every 2 years when the current model was no longer supported. What happens when YouTube no longer works on your 5 year old TV because Google change their API? Will every TV manufacturer need to give away a free TV every 5 years?

 

 


1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Hawaiki Transpacific cable ready-for-service
Posted 20-Jul-2018 11:29


Microsoft Dynamics 365 Business Central launches
Posted 10-Jul-2018 10:40


Spark completes first milestone in voice platform upgrade
Posted 10-Jul-2018 09:36


Microsoft ices heated developers
Posted 6-Jul-2018 20:16


PB Technologies charged for its extended warranties and warned for bait advertising
Posted 3-Jul-2018 15:45


Almost 20,000 people claim credits from Spark
Posted 29-Jun-2018 10:40


Cove sells NZ's first insurance policy via chatbot
Posted 25-Jun-2018 10:04


N4L helping TAKA Trust bridge the digital divide for Lower Hutt students
Posted 18-Jun-2018 13:08


Winners Announced for 2018 CIO Awards
Posted 18-Jun-2018 13:03


Logitech Rally sets new standard for USB-connected video conference cameras
Posted 18-Jun-2018 09:27


Russell Stanners steps down as Vodafone NZ CEO
Posted 12-Jun-2018 09:13


Intergen recognised as 2018 Microsoft Country Partner of the Year for New Zealand
Posted 12-Jun-2018 08:00


Finalists Announced For Microsoft NZ Partner Awards
Posted 6-Jun-2018 15:12


Vocus Group and Vodafone announce joint venture to accelerate fibre innovation
Posted 5-Jun-2018 10:52


Kogan.com to launch Kogan Mobile in New Zealand
Posted 4-Jun-2018 14:34



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.