Blueborne Vulnerability

magenta2634772

    I have Android V7.0 with security patch level July 1, 2017. What level will be sent out to fix the Blueborne security vulnerability?

      All replies

      • tmo_marissa

        Re: Blueborne Vulnerability

        Welcome, magenta2634772. This is definitely a topic on many minds right now, and understandably so. While we don't have a timeline at this point, we are working with our OEM partners to determine which devices can be patched when. We'll definitely keep folks in the loop regarding any updates we receive. In the meantime, we recommend turning Bluetooth off while not in use.

         

        - Marissa

        • padrone

          Re: Blueborne Vulnerability

          More than 2 months later,  it seems T-mobile has finally certified/approved the patch Samsung developed to patch Blueborne and is allowing TMO users to get the update via OTA from Samsung. The T-mobile variant of the Samsung Galaxy S7 (SM-G930T) seems to be patched with the November 1, 2017 Android Security Patch Level.  Baseband version: G930TUVS4BQJ2.  I received this update today and verified it does patch BlueBorne for my SM-G930T.

           

          Despite statements from TMO reps to "keep folks in the loop", there was no PA campaign or post announcing the patch that I've seen.  Furthermore, TMO doesn't even take credit for the patch on the S7 updates page: Software updates: Samsung Galaxy S7 as of 18 Nov 2017 17:00 UTC (Zulu Time).  I expect TMO will update that page soon or in response to this post tmo_marissa.

           

          Now for the next big problem affecting TMO SM-G930T users: KRACK!!!!  According to the Android Security Bulletin for November 2017, updated 11/8/2017,  "Security patches for the KRACK vulnerabilities are provided under the 2017-11-06 security patch level." source: https://source.android.com/security/bulletin/2017-11-01.  This means TMO SM-G930T users still aren't patched from KRACK. I'm sure there's another TMO forum thread for KRACK.

           

          tmo_marissa, T-mobile, with respect to patching KRACK for TMO users, you're getting a second and for many, perhaps a last chance to be more transparent about critical updates, that left unpatched results in unsatisfied and potentially compromised customers.  This holiday season, some of those customers will be looking to Google for both hardware (Nexus, Pixel) and service (Google Project Fi) to avoid delays of getting key updates and security patches for Android.  Recommend you get a head of this by letting all TMO customers know the plan for patching KRACK on applicable users.