Close

What are you looking for?

cancel
Showing results for 
Search instead for 
Did you mean: 

Blueborne

(Topic created on: 14-09-2017 06:42 AM)
6247 Views
Blueborne
Apprentice
Options

Evening all, can anyone let me know please when Samsung will release a patch for blueborne? 

112 REPLIES 112
pixel4life
First Poster
Options

This is Samsung reps making excuses for not releasing the patch yet. It is obviously major - Linux and Google released patches almost immediately. The Google Nexus 5 phone fron 2013 has already been patched! Meanwhile, Samsung the number 1 phone company has not released any patches. The truth is everyone with a Samsung device is exposed TODAY - even the newer devices! After something like this customers should stop supporting Samsung  - I have been a Samsung customer for many year and I will never buy another phone from them! There is NO excuse for this, if your data is compromised it is your job and your reputation that is on the line.

Samgear
First Poster
Options
Reasonable answer? Exactly what articles have you read? And yes, as you put out your answer you sound 100% ignorant and not very in-depth tech.

You only have a few sources at hand to review the threat. Android security bulletin https://source.android.com/security/bulletin/2017-09-01, the company (Armis) who claim to have found this bug and their whitepaper regarding it http://go.armis.com/blueborne-technical-paper and also the four indiviual CVE's.

As common strategy by serious threat founders, they report it to whom it concerns and they agree to have it a public secret until a appropriate fix is released. Which was recently.

This threat is not to take lightly. If you have bluetooth on, a malicious user can, in theory, scan and connect to your device, unknowingly. Plant or get whatever data they want. When you sit at the café listening music through your bluetooth headset, at the office when your mobile is connected to your Gear. Or whatever situation where it is fully normal that your bluetooth is on.

This is what I found most tragic. Samsung totally ignores its customers. I now own a bunch of useless devices, thanks to Samsung. Among them are a Gear S2, Galaxy S4, Galaxy S5 and a Galaxy Note 2. Certainly, most of the devices are so vulnerably anyway due to company policies. But this marks the end of buying any more Samsung mobile devices. Lack of security awareness and such ignorance 2017 is really scary.

"Armis reached out to the following actors to ensure a safe, secure, and coordinated response to the vulnerabilities identified.

Google – Contacted on April 19, 2017, after which details were shared. Released public security update and security bulletin on September 4th, 2017. Coordinated disclosure on September 12th, 2017.
Microsoft – Contacted on April 19, 2017 after which details were shared. Updates were made on July 11. Public disclosure on September 12, 2017 as part of coordinated disclosure.
Apple – Contacted on August 9, 2017. Apple had no vulnerability in its current versions.
Samsung – Contact on three separate occasions in April, May, and June. No response was received back from any outreach.
Linux – Contacted August 15 and 17, 2017. On September 5, 2017, we connected and provided the necessary information to the the Linux kernel security team and to the Linux distributions security contact list and conversations followed from there. Targeting updates for on or about September 12, 2017 for coordinated disclosure."
0 Likes
MarioSierra
First Poster
Options

The researchers posted a video of them exploiting a S3: https://youtu.be/U7mWeKhd_-A

0 Likes
RevIII
First Poster
Options

The Armis Blueborne Vulnerability Scanner shows my Galaxy S7 is vulnerable to BlueBorne.

Software Update under Settings shows I have the latest software.

Conclusion: Partch is not yet available.

0 Likes
briancarnell
First Poster
Options

Since one of the demo videos shows someone using Blueborne to hack a Gear S3 and turn on the microphone silently . . .  this is typical Samsung reaction.

 

No different than when they tried to blame users when the first Note 7's started going up in flames last year.

 

0 Likes
PatrikR
First Poster
Options

Of course CVE-2017-0781, CVE-2017-0782, CVE-2017-0783 and CVE-2017-0785 are real threats.  According to https://source.android.com/security/bulletin/2017-09-01 the Google devices will be fixed with the September security update. We can probably expect the same for the more recent Samsung devices. 

0 Likes
Splss
First Poster
Options

Unfortunately S8 september update received yesterday did not patch the BlueBorne exploits. Still it seems like if  Samsung thought that even the top class smartphones were a kind of toys or gadgets and not serious business devices.

0 Likes
Chr1zz3
Student
Options
Same here with my s8... and TV
0 Likes
Chr1zz3
Student
Options
I didnt get any update yesterday... Cmon samsung...
0 Likes
amberes
Explorer
Options

Found out what I wrote was already mentioned before.

Would love to get my devices patched ASAP. TV as well.

0 Likes