12-09-2017 10:25 PM
Evening all, can anyone let me know please when Samsung will release a patch for blueborne?
14-09-2017 11:08 PM
Was this a serious comment or are you just trolling? I'm dumbfounded that someone would think that computer viruses can't be spread "through the air" while using a device that connects remotely to the internet via cellular, WiFi, Bluetooth, NFC, etc.......
15-09-2017 06:50 AM
This threat does appear to be real, and Google has patched it inAOSP, flagged as critical, patched around August 08, for September security update.
There is no virus or malware yet, but the exploit is real. It does not require physical access to the device, all that is required is that BlueTooth is turned on. Without pairing, a remote attacker can execute arbitrary code as a priveliged user and gain access to, and control your device.
You really don't want to have Bluetooth turned on in a public space for much longer unless this is patched on your device.
By Airborne, the OP means that the means is by wireless access, no physical access required. Potentially, a device coul dthen go on and re-run the same exploit on every other device it comes across. It will go wild once that happens. It's a nastly flaw.
It takes vendors a long time (or never even) to produce these patches, and all those low cost devices tha NEVER get updates (and even recent flagship like SIII) will remain vulnerable.
16-09-2017 02:50 PM
The key question is how we can force Samsung to do their job?
Patching security vulnarebilities is part of their duty and not acting is risking their reputation and as well will impact their future business.
We are the clients and if we Samsung continues our needs - in this case "security" and does it similar like other vendors then they will lose a lot of clients.
So Samsung - DO YOUR JOB AND STOP IGNORING
16-09-2017 05:36 PM
We can't use bluetooth on any Samsung devices - phones or Gear because Samsung is not providing patches. And as usual their making no public statements about it at all. Wait till half their phones are infected and locked with Ransomware. It's going t be worse than the Note 7 debacle. Which I was unfortunate to be a part of also. My patience with Samsung is wearing very thin.
17-09-2017 12:06 AM
17-09-2017 01:16 AM
No matter where you sit on the spectrum, Apple don't make exploding washing machines. And if they did they wouldn't pretend that they didn't - see More than 200 Samsung house fires recorded
Everything Microsoft say and do (and think and launch and cancel) is online. They publish every random thought they ever have and there si som much of it that it can take hours to find what you need.
Samsung? Zip - Crickets - Nada.
Watch as the biggest phone manufacturer in the world lets the world down, again.
18-09-2017 06:22 AM - last edited 18-09-2017 09:41 AM by AntS ) in
Given the level of privilege that BT typically has on devices, you could potentially run anything that would typically require root access. So this could extend from a keylogger to something as serious as ransomware. I'll be putting a call into Samsung in the next day or two and will update as I've heard nothing from them on here. Bear in mind that you can always load on raw android without all the c**p that Samsung load on. I'll have a lookie on XDA developers and see what they're saying at some point too.
18-09-2017 09:37 AM - last edited 18-09-2017 09:38 AM
Hi all.
Samsung's official statement on BlueBorne is this:
"Samsung takes security issues very seriously. We were aware of BlueBorne issues and began rolling out our security updates on August 30 since being notified by Google. We encourage users to ensure their device has the latest security updates installed."
18-09-2017 09:47 AM
18-09-2017 12:00 PM
Blueborne Vulnerability Scanner still shows my phone is vulnerable, and Software Update still shows I have the latest software...
Conclusion: Samsung's official position is just 'marketing puff'. No patch has been delivered.