Close

What are you looking for?

cancel
Showing results for 
Search instead for 
Did you mean: 

Blueborne

(Topic created on: 12-09-2017 10:25 PM)
13957 Views
Blueborne
Apprentice
Options

Evening all, can anyone let me know please when Samsung will release a patch for blueborne? 

112 REPLIES 112
Eltas
Pathfinder
Options
No its not. Why haven't we heard of it already, they've been less serious malware that made it to the news, this one effects over 2 billion devices and we're not hearing a thing. Why not email the CEO of Samsung instead, his information is public and any complaints I have go straight to him. Instead you're asking a community forum like we're employed by Samsung, expecting what exactly?
I read one article, because all I could find is one article that gave information about it. Sorry I couldn't drop my work and find a solution for a vulnerability in Bluetooth, but at the same time, I feel I don't need to be concerned, and I will express that. Better than panicking the rest of my life about a vulnerability that may not actually be a problem. Okay this was discovered in April, 2 billion devices affected. Where is the evidence in the 4 months since that this is a real threat? I work in the defence industry - a statement anyone can say, I know. But if this really was as big as you have been making out, we'd have sorted it as soon as. No one needs to understand how Bluetooth works to take this into context. Billions of devices affected. No global race to fix it?! And you really think Bluetooth, that's been around longer than generation Y won't have plugged such a massive vulnerability? Or at least let the billions of people with devices know? No. And the Armis website is where I got my initial information and it's their app that the link in your link is linked to. Given that it's only 6.x android devices that COULD be affected android 7.0 has been out over a year already. Most active devices are most likely to have got the patch already! And any patch since 6.x came to be will have the vulnerability plugged.
0 Likes
Andazeus
Apprentice
Options

MHJ, you obviously have no clue what you are talking about and are dangerously ignorant about the situation.

 

You want details as to how the new exploit works? There you go: http://go.armis.com/hubfs/BlueBorne%20Technical%20White%20Paper.pdf?t=1505222709963

 

This is the technical documentation with all the details. Do your research instead of just brushing this off.

 

The vulnerability currently affects ALL Samsung devices and the only things you can currently do to 'fix' the problem is disabling bluetooth, which, needless to say, is an important feature for many users.

 

This is one of the most significant exploits seen in history as it allows full, privilidged, remote code execution without having to trick the user into anything or physically access the device.This could theoretically be turned into a worm spreading from one device to the next. The exploit has been acknowledged by Google, Apple, Microsoft and Linux and fixes have been published. But not by Samsung. It was clearly stated that the bug was communicated to Samsung in April and nothing has happened yet. This needs to be fixed ASAP. I also just tested my Galaxy S6 myself that just got an update 2 days ago and it is still vulnerable.

 

I will be turning off bluetooth for now and I recommend everyone to do the same until a fix is published. This is URGENT.

Eltas
Pathfinder
Options
No I don't have much of a clue and that's partly my point.
The world would know if it did appear when they armis state it did.
Why am i being "ignorant"? Because you're acting like vulnerabilities have never been discovered. I'm laid back because they'll be or have already been patched way before anything serious happens. Seen vulnerabilities before and I've confidence that Samsung, Google, Apple and Microsoft to patch it before it even becomes an issue.
0 Likes
SpoonOfDoom
Explorer
Options
I've asked Samsung on Facebook about the S3, and the only answer until now was "according to our information Tizen is not affected", which seems to be untrue as far as I've read. So chances are, Samsung is not in a hurry to push out an update for their wearables at least - no clue about their phones.
0 Likes
Andazeus
Apprentice
Options

Okay, so you just admitted that you do not understand the problem and that you just blidnly trust companies to fix it, even though there is evidence that Samsung has not fixed the bug yet. I am sorry, but at this point I have to consider your opinion uninformed and irrelevant. In the mean time, more technically savvy users should continue to push Samsung for a fix ASAP.

Andazeus
Apprentice
Options

You can check your devices using a tool Armis has released yesterday. You can install it on a phone and have it scan other devices per bluetooth for the vulnerability.

0 Likes
SpoonOfDoom
Explorer
Options
MHJ It is an issue right now. The vulnerability exists, there is a decent amount of devices that have *not* been fixed yet, and it *is* being reported right now (which is why we have this thread now), so I don't understand your argument. You're ignorant because you're acting as if this issue doesn't exist and we're wrong to ask when the vulnerability will be fixed in Samsung devices. And this is a vastly different category of vulnerability, because the scale is *much* larger and it also doesn't require access to the device, or any action of the user.
If everything gets patched before something serious happens, that's luck.
0 Likes
PeterPan123
Journeyman
Options

Maybe its a fake, ok. After digging some more into CVE/Bug details, im concerned too.

We will see clearer in the days coming.

 

0 Likes
Andazeus
Apprentice
Options

Well, the bug has apparently been adressed by Google, Linux, Microsoft and Apple and there is detailed technical documentation available that could quickly be taken apart by any security expert. It therefore seems like this is very legit, unfortunately.

0 Likes
PeterPan123
Journeyman
Options

Found some proof:
https://usn.ubuntu.com/usn/usn-3413-1/

Sounds like this is not a fake.

0 Likes