Discussion in 'mobile device security' started by Minimalist, Sep 6, 2017.
Interesting that there is no specific mention of fixing the BlueBorne vulnerability, which is included in the September patch. Perhaps the fixing of the Broadcom Wi-Fi driver actually applied to both their Wi-Fi and Bluetooth drivers.
That sounds like a lot of updates. Does Android normally release that many critical security updates? I don't keep up with them too much other than knowing they have been plagued with malware lately.
From the article, "Google fixed 81 vulnerabilities, including 13 critical remote code execution bugs, in the September release of its Android Security Bulletin on Tuesday."
"The 13 critical vulnerabilities mark a slight uptick over July, when Google addressed 11 critical bugs, and August when it patched 10 critical RCEs."
So not significantly higher than normal. Also from the article, "Google says it hasn’t received any reports the vulnerabilities fixed this month have been exploited". So these are proactive fixes.
I wouldn't really say that Android has been plagued with malware lately. I do not personally know anyone who has ever been infected with a piece of Android malware that did anything more serious than produce spammy notifications (adware). Those problems are simply solved by removing the offending app. However, it is true that Android malware exists, that some of it makes it onto the Play store, and that some of it is serious. The same can be said of iOS.
Something no one discusses or mentions in any of the articles about this.
Seven months after Armis Labs publicly announced the BlueBorne vulnerability and much longer than that since they privately disclosed it to the industry, mobile devices that contain this massive vulnerability and that will never be patched are still being sold all over America to this very day!!
I just bought one to test this before I posted about it.
The device I bought is a prepaid phone by ZTE. I checked the ZTE website. There is no patch for that device.
I downloaded the BlueBorne vulnerability scanner app by Armis Labs (the research team who announced the vulnerability last September).
The scanner detected the ZTE phone as unpatched and vulnerable to BlueBorne.
I very much doubt this is limited to ZTE; it just happened to be the one I picked up in the store.
How can it not be illegal to sell devices that have a known security vulnerability that is unpatched and for which there is no patch available?
Thank you a ton for making mention of that.
I have no idea why on earth they fling out sales of such products with full knowledge of it as you so politely point out.
You can test your Android devices; look for the BlueBorne scanner by Armis Labs on Google Play.
I really did say that politely, didn't I? I must be getting sick or something. I don't usually consider companies that do such things worthy of politeness.