I have a Sony Xperia Z3 mobile phone, less than 3 years old, that no longer gets updates and is therefore vulnerable to BlueBourne. It appears Sony are not going to provide a security update for this device. I have contacted the retailer who sold me the phone to find out about a CGA claim. All I really want is an updated firmware as there is nothing wrong with this phone. Their response is as follows:
"We do not believe at [retailer] that your device vulnerability is covered by the Consumer Guarantees Act as it is the Hardware which we retail and software comes from the manufacturer. The fact the manufacturer, Sony, no longer gives security patch and software updates is because they believe your device to be old technology and it is out of the manufacturer’s warranty of 2 years."
"From the website, you gave us it appears all Bluetooth devices are vulnerable to this virus so the only way forward would be, as [..] suggested, not to turn on your Bluetooth or upgrade to a newer device which is able to have security patch and software updates to protect. This upgrade would be at your cost."
It would appear to me that the vulnerability is not really understood as they seem to think that it is a virus. Also seem to think that Bluetooth is software and that an anti-virus should protect me - from phone conversation I had with them. I think that it is absurd to suggest that I turn off Bluetooth if I don't want to be vulnerable to BlueBourne and think that that is a valid solution to this, as I lose functionality that I use often by turning off Bluetooth (I have turned it off but this shouldn't be the solution). I shouldn't have to upgrade to a new device every year just to get updates. This was a premium phone at the time!
What is the general consensus here? Do I have a case for a CGA claim? If so, how do I go about it?