Geekzone: technology news, blogs, forums
3228 posts

Uber Geek
+1 received by user: 1209


  Reply # 1882363 12-Oct-2017 11:00
One person supports this post

A supported life of 2 - 3 years from a phone does seem very short.  My last phone cost ~$1,000.

 

I can't think of another situation where I would accept a service life of 2 - 3 years for something that expensive.

 

I would rather see manufacturers and retailers invest in firmware for longer than invest in tacky bloat-ware - 90% of which I'm going to disable the day I get my new phone. 





Mike



67 posts

Master Geek
+1 received by user: 9


  Reply # 1882473 12-Oct-2017 15:02

tripper1000:

 

IMHO having important information in a portable or connected device is inherently risky. People who are hyper concerned about security need to be mindful of what data is on their phones in the first place, and possibly shouldn't use a smart phone at all. An OS vulnerability is one thing but is it really your primary security concern?

 

Phones get physically stolen and lost every day and you are consequently vulnerable to loss of data and theft of valuable/compromising information. I know no one who has been hacked via bluetooth but many people who have physically lost their phones. Once a lost phone has been disconnected from data services, and a hacker physically has your phone (it could be months later) there is nothing you can do to stop them having their wicked way with your data.

 

If your phone gets hacked or ends up as a node in a bot net and you have no valuable info on it - mhhha? Shrug it off and you can probably do a factory reset to get rid of the problem. 

 

 

You should probably not use a computer connected to a network either then.  Should probably turn in that work laptop too.  You can mitigate against losing your phone through being forgetful or having it stolen though.  My argument has been, turning off a feature to mitigate against a vulnerability shouldn't be seen as a solution to the problem.


 
 
 
 




67 posts

Master Geek
+1 received by user: 9


  Reply # 1882475 12-Oct-2017 15:04

michaelmurfy: @vyfster upgrade to lineage already...

 


Yep, I said I was going to.  Does that now preclude me from replying to people who are putting their POVs across?  Should I not enter into a debate to try and get my POV across?


13371 posts

Uber Geek
+1 received by user: 1601


  Reply # 1882477 12-Oct-2017 15:08

vyfster:

mattwnz:


However bluetooth also isn't really needed to use the phone either. 



You do realise that a mobile phone is more than just a phone nowadays?  I take it you don't use hands free when driving?  What about using bluetooth earphones?  Or streaming to a media player via bluetooth from the mobile mini computer that is capable of making calls?  I also use it to connect my garmin heartrate monitor, via bluetooth, when out running / working out.


It's not needed to make calls (unless using hands free), but it is a feature of the mobile device (that is not only a phone).  IMHO all features should work and be free of defects for the mobile device.




I hadn't thought of that, although I don't generally use mine in the car for calling, just plugged into the headphone jack. But that does make me wonder how many phones currently being sold, especially at the lower end of the market that will never get future updates. That I guess is one of the reasons I purchased an iPhone as Apple provide support for many years. E.g. an iPhone 5s came out in 2013 and gets iOS support into 2018 although this is probably the last year so that is more than 4 years. Android OS generally less than 3 quoting the Pixel support life. I have a cheap Android I recently purchased but that is already running an old Android version and I suspect it won't get any patch for this.



67 posts

Master Geek
+1 received by user: 9


  Reply # 1882478 12-Oct-2017 15:08

Dratsab:
vyfster: Maybe I'm just paranoid or maybe I'm not paranoid enough!?

My thoughts are closely aligned with what @sbiddle has said. The chances of an actual attack (whether BlueBorne or bluesnarf etc) are exceptionally low. Your phone will have either a class 1 or class 2 Bluetooth radio - most likely class 2, so any attacker would need to be within 10 metres of you to initiate an attack and remain within 10 metres of you for the duration.

 

 

I take it you're not caught in the Auckland rush "hours" in the morning and evening?  Driving with handsfree means bluetooth needs to be enabled.

 

Dratsab:
Modding, a-la the suggestion from USS @michaelmurfy, is another possibility as is the purchase of a different phone. A different phone could encompass something such as a second hand Nexus which won't be as expensive as a new phone but will have patches available, if not already installed.

 

Yep, I'm going to look into lineage.  I wasn't aware of it.  Thanks to @michaelmurfy for bringing it to my attention.  I have my own little project on atm so don't want to mess with my mobile device just yet, but will do so once done.




67 posts

Master Geek
+1 received by user: 9


  Reply # 1882479 12-Oct-2017 15:09

MikeAqua:

 

A supported life of 2 - 3 years from a phone does seem very short.  My last phone cost ~$1,000.

 

I can't think of another situation where I would accept a service life of 2 - 3 years for something that expensive.

 

I would rather see manufacturers and retailers invest in firmware for longer than invest in tacky bloat-ware - 90% of which I'm going to disable the day I get my new phone. 

 

 

Yay!  Finally one person who might be on my side :)




67 posts

Master Geek
+1 received by user: 9


  Reply # 1882481 12-Oct-2017 15:15

I get the impression that people think I am arguing about a CGA claim.  I am not (well not really).  I asked for advice and to get a general consensus as to what people thought about the situation.  I received the advice and although not what I was wanting to hear, accept it.

 

This does not mean that I have to like it.  This does not mean that I am not going to try and convince people why I am obviously right and you are all wrong.  Quite frankly, I'm surprised it's taken so long .. ok j/k :)


387 posts

Ultimate Geek
+1 received by user: 252


  Reply # 1882506 12-Oct-2017 15:53

vyfster: You should probably not use a computer connected to a network either then.  Should probably turn in that work laptop too.  You can mitigate against losing your phone through being forgetful or having it stolen though.  My argument has been, turning off a feature to mitigate against a vulnerability shouldn't be seen as a solution to the problem.

 

Yeah, gotcha on the 'shouldn't have to turn off' point.

 

The OEM has decided not to bother presumably because the risk is more theoretical than practical. The WannaCry attack was not theoretical at all, and M.S. came out with a patch for Windows XP, an obsolete OS, so they will act if the risk is there.

 

My point was that the risk is lower than other risks to your data.

 

If the OEM is going to leave holes in security your statement above holds true. If you want to store super important data that other people really want, it is best to isolate your computerised device from the outside world both physically and electronically. Today's news in Australia: Stuff Link


13371 posts

Uber Geek
+1 received by user: 1601


  Reply # 1882562 12-Oct-2017 17:35

vyfster:

 

I get the impression that people think I am arguing about a CGA claim.  I am not (well not really).  I asked for advice and to get a general consensus as to what people thought about the situation.  I received the advice and although not what I was wanting to hear, accept it.

 

This does not mean that I have to like it.  This does not mean that I am not going to try and convince people why I am obviously right and you are all wrong.  Quite frankly, I'm surprised it's taken so long .. ok j/k :)

 

 

 

 

I think the situation is somewhat similar to the one that Tivo customers have, where the manufacturer (their local) agent, is ceasing providing access to the server that provides the programming guide, which it needs to operate to the advertised specifications, so the hardware is no longer able to do what it is supposed to do when they turn off the server. Although in your case the hardware will still fully work, but you are at potential risk of a security hole if you do use it. If enough people complained, and they started having to do refunds, I do wonder how quickly they would release a patch for it?


655 posts

Ultimate Geek
+1 received by user: 105


  Reply # 1882572 12-Oct-2017 17:58

Without getting into too much detail I would agree with most/if not all of vyfster's points.

 

Considering this was a Z3, a flagship ($800+) phone from Sony I think 3 years should be the minimum for this sort of support. This is a bug and this should be fixed. In my mind a CGA claim is perfectly reasonable if they refuse to fix it. You have to remember they will be selling a significant number of these devices, only Sony has the economies of scale to fix this.

 

At the end of the day it was Sony's choice to use Android and Sony's choice to use the problematic code/problematic hardware. They have sold the device as an Android device with bluetooth hence it is absolutely their responsibility to ensure it works for a reasonable lifetime. The only debate here (in my mind) is whether a vulnerability is significant enough to consider it a flaw that should be fixed, I would argue that it is.

 

 

 

Turning Bluetooth off is not an acceptable solution, nor is re-flashing a different unsupported OS.

 

 


25691 posts

Uber Geek
+1 received by user: 5445

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 1882607 12-Oct-2017 20:12

ArcticSilver:

 

Without getting into too much detail I would agree with most/if not all of vyfster's points.

 

Considering this was a Z3, a flagship ($800+) phone from Sony I think 3 years should be the minimum for this sort of support. This is a bug and this should be fixed. In my mind a CGA claim is perfectly reasonable if they refuse to fix it. You have to remember they will be selling a significant number of these devices, only Sony has the economies of scale to fix this.

 



 

You're forgetting a company doesn't have to accept a CGA claim. If they don't your only option is court action.

 

You can guarantee without fail that any company that ended up in court on such a charge is going to be so lawyered up because the implications of losing such a ruling are so massive it's beyond comprehension. This isn't just a phone issue, it's an issue that would affect entire industries.

 

Like the Tivo issue the reality is consumer electronics goods have a life. 

 

 


655 posts

Ultimate Geek
+1 received by user: 105


  Reply # 1882610 12-Oct-2017 20:20

sbiddle:

 

You're forgetting a company doesn't have to accept a CGA claim. If they don't your only option is court action.

 

You can guarantee without fail that any company that ended up in court on such a charge is going to be so lawyered up because the implications of losing such a ruling are so massive it's beyond comprehension. This isn't just a phone issue, it's an issue that would affect entire industries.

 

Like the Tivo issue the reality is consumer electronics goods have a life. 

 

 

 

 

This is what the disputes tribunal is for. The disputes tribunal ruling is legally binding.

 

I don't agree the issue is "massive beyond comprehension". I am only talking about a company supporting their device for a reasonable lifetime. If that device comes with software then that means the software too, if it comes without then it is without. 

 

Needless to say, I wasn't talking about the practicalities of holding a company accountable rather what our rights as customers are.


1662 posts

Uber Geek
+1 received by user: 950

Trusted
Subscriber

  Reply # 1882612 12-Oct-2017 20:29

"The disputes tribunal ruling is legally binding" now that is a joke. I took a guy to the disputes tribunal many years back and won and never saw 1 cent.

 

Linux


655 posts

Ultimate Geek
+1 received by user: 105


  Reply # 1882614 12-Oct-2017 20:31

Linux:

 

"The disputes tribunal ruling is legally binding" now that is a joke. I took a guy to the disputes tribunal many years back and won and never saw 1 cent.

 

Linux

 

 

That shouldn't happen, but obviously the risk of this is much higher for individuals/small companies over larger outfits.


25691 posts

Uber Geek
+1 received by user: 5445

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 1882619 12-Oct-2017 20:38

ArcticSilver:

 

 

 

This is what the disputes tribunal is for. The disputes tribunal ruling is legally binding.

 

 

 

 

The implications for literally the entire manufacturing sector along with any importer of goods are so significant that you can guarantee a loss in the disputes tribunal would result in an immediate appeal.

 

The consequences of a loss in a case like this would be massive. Imagine how much you'd need to pay for a phone if manufacturers had to keep giving you a free one every 2 years when the current model was no longer supported. What happens when YouTube no longer works on your 5 year old TV because Google change their API? Will every TV manufacturer need to give away a free TV every 5 years?

 

 

