BlueBorn - Security Discussion

I just came to know of this vulnerability.
Unfortunately I have a custom rom in my Galaxy s6.
It is the final one so there are not going to be any updates.
Anyone know how can I patch that vuln?
Thanks

I happen to be exactly in the same situation. Alexis Rom MM user here, didnt want to update to Nougat. If you find a way to patch it please let me know.
As far as I know, only samsung september security patches will fix it. So, a nougat version from september will do. Or if any carrier release a 6.0 september version, but thats probably not possible anymore.

zapahacks said:
I happen to be exactly in the same situation. Alexis Rom MM user here, didnt want to update to Nougat. If you find a way to patch it please let me know.
As far as I know, only samsung september security patches will fix it. So, a nougat version from september will do. Or if any carrier release a 6.0 september version, but thats probably not possible anymore.
Click to expand...
Click to collapse
Hopefully someone will make a patch , like @Tungstwenty made for those master key vulnerabilities.
Anyways i shall post if something comes to my notice.

Same interest - 6.0 MM stock rom on Moto X 2014. Hoping that some kind of universal patch can be made to at-least fix part of the vulnerability. I have a wearable so disabling bluetooth is not feasible. However using a device that's wide open is not going to work. Don't really want to upgrade since there's no worthy spiritual successor to this phone.

Related

[Completed] Will I lose foxify ability when installing newest software on Verizon s7edge?

Currently running Android 6.0.1 on Verizon s7 edge. With September 1st security patch. I want to keep my hotspot with foxify capabilities but I don't know if newest update will prevent that and would like to know if it will or not. Also would like to know if there are any rooting possibilities for this phone with that firmware and security patch available at the moment. I didn't mean to update the September's but I stuck it in my pocket and it must have touched my body and did it by itself. Thankyou for the help.
XDA Visitor said:
Currently running Android 6.0.1 on Verizon s7 edge. With September 1st security patch. I want to keep my hotspot with foxify capabilities but I don't know if newest update will prevent that and would like to know if it will or not. Also would like to know if there are any rooting possibilities for this phone with that firmware and security patch available at the moment. I didn't mean to update the September's but I stuck it in my pocket and it must have touched my body and did it by itself. Thankyou for the help.
Click to expand...
Click to collapse
Greetings and welcome to xda. We can never tell what carriers will add to their firmware, verizon have been known to add things. If you make an account and ask your question in this thread here
http://forum.xda-developers.com/verizon-s7-edge/how-to/firmware-verizon-s7-edge-t3344092
I'm sure the experts there will be able to help you
Good Luck
Sawdoctor

Updates for 6.0.1 without installing 7.0

I had installed Nougat as soon as it was available for my S7 and never really liked the battery life. Maybe I could have tried to fix it but instead I downgraded back to 6.0.1 through Odin.
So far every thing is fine. But the first and only update that I received is the 7.0 upgrade again. Ofcourse I didn't install it this time. But it looks like I'm not getting any other updates or patches now.
When I look at the Security patch level, that is from Dec. 2016.
I think I don't get any updates for 6.0.1 now because the is an upgrade waiting to be downloaded and installed.
Is that how it works or am I missing something.
Thanks.
Baklin said:
I had installed Nougat as soon as it was available for my S7 and never really liked the battery life. Maybe I could have tried to fix it but instead I downgraded back to 6.0.1 through Odin.
So far every thing is fine. But the first and only update that I received is the 7.0 upgrade again. Ofcourse I didn't install it this time. But it looks like I'm not getting any other updates or patches now.
When I look at the Security patch level, that is from Dec. 2016.
I think I don't get any updates for 6.0.1 now because the is an upgrade waiting to be downloaded and installed.
Is that how it works or am I missing something.
Thanks.
Click to expand...
Click to collapse
Install the last (newest) 6.0.1 ROM, and that is the last update you will get for it, it's not like Windows
If you want to stay up to date with security updates you MUST be running the latest available ROM, which is 7.0
Thanks.
I have the latest rom I could find. And was hoping I would get at least the latest security updates for 6.0.1.
Looks like I will have an other look at 7.0 again soon.
Baklin said:
Thanks.
I have the latest rom I could find. And was hoping I would get at least the latest security updates for 6.0.1.
Looks like I will have an other look at 7.0 again soon.
Click to expand...
Click to collapse
Nope, mobile OS's are discontinued once a new major OS version is released
iOS/WP/Android all the same

Downgrade from Pie

I updated to Pie and I hate it. I want to go back to the latest updated version of Oreo just before the Pie upgrade. I'm with Telstra in Australia and can only find the Oreo version form Telstra from September 2017. Is it possible to install that version and apply updates right up just before Pie?
Are you concerned that factory images that do not list a specific carrier or region are not suitable for installation on a Telestra device? For example, 8.1.0 (OPM2.171026.006.G1, Jul 2018) does not call out a region or carrier. The initial Pixel 2 factory image and several later images do not list a carrier or region.
Perhaps you can back up your current install, try the November 2018, and see you like it better. If not, attempt to downgrade to 8.1.0 (OPM2.171026.006.G1, Jul 2018). If the downgrade fails, reinstall your 9.0 backup.
For what it's worth, I have not done this and recommend searching the forum for people who have tried to downgrade: https://forum.xda-developers.com/pixel-2/help/to-downgrade-android-9-0-t3850398
Hope this helps somewhat.
kotton666 said:
I updated to Pie and I hate it. I want to go back to the latest updated version of Oreo just before the Pie upgrade. I'm with Telstra in Australia and can only find the Oreo version form Telstra from September 2017. Is it possible to install that version and apply updates right up just before Pie?
Click to expand...
Click to collapse
Pie was released in October. The September update would be the most recent image for Oreo. You can install it but if you do, you won't be able to update your phone again. All future updates will be Pie. What I'm saying is you won't be able to install future updates without installing the Pie update first. There is no more Oreo after September.
Yeah I'm not interested in upgrading any further than the last Oreo version. So many features of pie are just not to my liking. I can't back up my current install because I haven't unlocked my bootloader or rooted yet. Mainly because Oreo was so good there was no real reason for me to bother. Now I'm forced to, to get rid of this terrible version of android.
kotton666 said:
Yeah I'm not interested in upgrading any further than the last Oreo version. So many features of pie are just not to my liking. I can't back up my current install because I haven't unlocked my bootloader or rooted yet. Mainly because Oreo was so good there was no real reason for me to bother. Now I'm forced to, to get rid of this terrible version of android.
Click to expand...
Click to collapse
What I think @robocuff means is that you will not receive any security patches going forward. All subsequent patches will be for Pie only.
grumpygoof said:
What I think @robocuff means is that you will not receive any security patches going forward. All subsequent patches will be for Pie only.
Click to expand...
Click to collapse
Yeah I understand that. That's why I wanted to get the latest Oreo before pie so I was as up to date as possible. I don't care about updating any further. I just want a decent ROM, which in my opinion, Pie is far from.
Thanks for the input guys.

Is it possible to get monthly security patch without updating to One UI?

The S8+ G955W is not able to root and I need call recorder plus I like to theme it with Andromeda, so I decide that I am not going to update to One UI. However, the security patch of Oreo only updated to January, is there anyway to get the March security patch which comes with the Pi update? And how about the future patches?
acwcanada said:
The S8+ G955W is not able to root and I need call recorder plus I like to theme it with Andromeda, so I decide that I am not going to update to One UI. However, the security patch of Oreo only updated to January, is there anyway to get the March security patch which comes with the Pi update? And how about the future patches?
Click to expand...
Click to collapse
You can root. look up jrkruse edl safestrap
As for updates no you can't
TheMadScientist said:
You can root. look up jrkruse edl safestrap
As for updates no you can't
Click to expand...
Click to collapse
Are those really root? Is the bootloader unlocked? Can I install Magisk or Supersu? I believe the answers are no, no and no. And if I have to stay with Nougat then what date of the security patch we are talking about? I appreciate of your suggestion but it just doesn't make sense to me.
acwcanada said:
Are those really root? Is the bootloader unlocked? Can I install Magisk or Supersu? I believe the answers are no, no and no. And if I have to stay with Nougat then what date of the security patch we are talking about? I appreciate of your suggestion but it just doesn't make sense to me.
Click to expand...
Click to collapse
The bootloader it's locked yes but with safestrap you can at least install a rooted nougat image. Its either that or update to pie to get the latest security patches. Its one or the other. There are several threads on rooting and safestrap for bit 5 U models. I think the last night l nougat patch it decent 2017 maybe jan 2018.

Android Security Updates

Hello there,
I'm using a custom rom based on Nougat. Everything is good, but I have concerns about security. I know that Nougat is discountinued now and most people have moved to Oreo or even better Pie. Last security update was in 2018 and then was abandoned, those security updates I haven't got on my device can affect me? Can I still try by myself to install the latest security updates manually?
Tommytommy1234 said:
Hello there,
I'm using a custom rom based on Nougat. Everything is good, but I have concerns about security. I know that Nougat is discountinued now and most people have moved to Oreo or even better Pie. Last security update was in 2018 and then was abandoned, those security updates I haven't got on my device can affect me? Can I still try by myself to install the latest security updates manually?
Click to expand...
Click to collapse
No, you would need to build the ROM yourself each month with the new security updates in it.
Where do I find them?
IronRoo said:
No, you would need to build the ROM yourself each month with the new security updates in it.
Click to expand...
Click to collapse
Should I decide I would like to build a new ROM where would I find the Updates?
I just purchased a new device, dual SIM 4G LTE with Android 9.0 using a BDF-X20 rom. It ships with Android Sec Update 5 May 2018 and the vendor says there will be no updates. 19 months out of date is a little much in my opinion.

Categories

Resources