1

I have Sony Xperia XA1 Android 7, and the security patch is from August, so obviously Sony doesn't consider BlueBorne any serious danger.

However, I'm worried my device can be hacked. I'm using bluetooth currently only to sync data with smart band. How can I estimate how 'real' danger is BlueBorne for me in such scenario?

Of course turning bluetooth on on train terminal would be very unwise, but when I'm at home, probably only my neighbours and people in the parking lot would be able to get in range.

Are there more realistic life scenarios that shows the attack? I've seen only one video when the attacker turns camera on, but the screen is turned on, so the user staying near the phone would notice that immediately.

Should I be worried at all if the manufacturer is not worried at all? If they ignore the problem completely, it means either that BlueBorne is not a real danger, or that the company is incompetent and careless...

schroeder
  • 123,438
  • 55
  • 284
  • 319
9ilsdx 9rvj 0lo
  • 197
  • 6
  • potential duplicate: https://security.stackexchange.com/questions/169527/what-is-blueborne-and-how-to-protect-myself – schroeder Dec 01 '17 at 11:00
  • You are making some assumptions about *Android* and *Sony*. Just because something is not updated does not mean that people do not think it is a danger or that they are incompetent or careless. There are barriers to updating software. Your device *can* be hacked and your threat mitigation techniques limit your exposure. – schroeder Dec 01 '17 at 11:05
  • @schroeder but the Android was fixed by google in september, and Sony has released many fixes since that time, but none of them incorporated Google's update. One possible explanation is that BlueBorne was more hoax and buzz then real danger. The linked post was answered middle in the buzz, now there's an ongoing silence, which makes me wonder why.... – 9ilsdx 9rvj 0lo Dec 01 '17 at 11:16
  • Nope. Still a threat. Patch or turn off. Armis released a tool: https://play.google.com/store/apps/details?id=com.armis.blueborne_detector&hl=en_GB – schroeder Dec 01 '17 at 11:38
  • @schroeder yep, I know that tool, tells me my device is vulnerable, Sony doesn't want to acknowledge it. So the answer for today is still as for 3 months: don't use bluetooth or buy another device from better company? – 9ilsdx 9rvj 0lo Dec 01 '17 at 11:53
  • Again, you are making assumptions about Sony. You want to make them a bad guy, but the reality is very complex. The *impact* is such that you have a risk that you need to mitigate, whatever the reasons or causes. Root it and install a pure Android? – schroeder Dec 01 '17 at 11:59
  • @schroeder out of option, it will void my warranty for hardware (sick but true). This is what makes me frustrated. I've buyed a defective device and can do nothing about it... – 9ilsdx 9rvj 0lo Dec 01 '17 at 12:13

0 Answers0