Monday, January 2, 2017

Large share of Android smartphones is as leaky as a basket – Follow the Money

FTM approached Google, Samsung, T-Mobile, KPN, Vodafone and The Phone House for comment. T-Mobile and The Phone House have not responded to this request.

Comment Google

Google (with help from open source contributors) develops platform updates and monthly security updates. It’s then up to hardware vendors to make the necessary adjustments to implement these updates on their devices. For Pixel and Nexus devices, Google pushes the updates directly, with devices getting platform updates for at least two years from release and security updates for at least three years from release.

It’s not accurate to say that almost three quarters of Android devices worldwide are currently running on old and unsupported software. According to our dashboard, 60.7% of active devices are running 5.x, 6.x or 7.x, versions of Android for which we currently provide security patches.

We are also working to make it easier for companies to implement these security updates, and to make the update experience better for users. For example, in Android 7.0 Nougat, we implemented a new update model in which software updates download and install in the background, so users won’t have to wait while their devices sync with the latest security tools. Pixel currently uses these seamless updates, and we expect many more devices to use them over time.

Comment Vodafone

We do not develop any software for devices; this is done by the manufacturers of the devices. In some cases we add some Vodafone elements to the software (such as a logo and Vodafone applications), but this does not change the core of the software as developed by the manufacturer. Vodafone tests the functionality of the software before we introduce devices, and we also test software updates for Vodafone-branded devices. For example, Samsung puts out a monthly SMR (Security Maintenance Release). This is then tested by Vodafone before it is accepted or rejected.

Our current product range has Android 6 or higher. It is possible that there are still some old (prepaid) phones with a previous version of Android; however, these can almost always be upgraded to Android 6. If it becomes apparent that a device is not upgradable, we will put a warning in our channels.

Comment Samsung

Safety and user experience are of the highest priority for Samsung, and we see it especially as our responsibility to our users to support this. I do want to emphasize that a software update is independent of the vulnerability of a device. We provide all devices with regular security updates for up to two years after introduction, so that your device is always safe. For more information you can visit: http://www.samsung.com/nl/support/skp/faq/1097862/.

In response to a question about Samsung's statement in the NOS report about the injunction proceedings, that "the judgment confirms that [Samsung] [has] the security of [its] devices in order", the spokesman referred to paragraph 4.2 of the judgment. That paragraph reads as follows:

"(…) At present it is insufficiently plausible that Stagefright and Stagefright 2.0 pose an acute security threat, as the Consumers' Association asserts. Samsung has, partly on the basis of the statements of two of its employees, [name 4] [name 5] (productions 2 and 3), clarified that this is not a vulnerability in Android but a flaw in the operating system, and that abusing this vulnerability is a particularly complicated, expensive and time-consuming process. It requires that an exploit be developed. This is a computer program that creates a leak at a vulnerable place in the system, through which access to sensitive information on a smartphone is obtained (hacking). One exploit can be used for several models of smartphones. The chance of "successful" use of an exploit is, according to Samsung, extremely low. In the opinion of the court, this position of Samsung has been insufficiently rebutted by the Consumers' Association. On the contrary, the Consumers' Association has submitted, as its production 24, a report by DPA B-Able, from which it can also be inferred for the present that the danger of Stagefright is now limited or no longer present. This report, dated January 30, 2016, states among other things:

There is no evidence that the Stagefright vulnerability can be actively exploited on Samsung devices… It is also relevant that the Consumers' Association has not made it plausible that even one Samsung smartphone has been hacked outside of a test environment ("in the wild"), let alone that a user of a Samsung smartphone has been adversely affected as a result.

Finally, it is relevant that from the statement of Lee (production 2) as well as from the e-mail of G. J. ter Haar (employee of Samsung) of 10 February 2016 (production 13 of Samsung) it follows for the present that all Samsung devices introduced in the Netherlands after July 2013 are (now) protected against Stagefright (2.0). There are some older smartphone models that were still sold after July 2013 and for which no patch has been released, namely the Ace 2, the S3 and the S3 mini, but it is not clear that substantial numbers of smartphones were involved.

All in all, it is not clear that Stagefright and Stagefright 2.0 pose such an acute risk for users of Samsung smartphones that sufficient urgency exists to engage in interlocutory proceedings."

Response KPN

In response to the question of whether KPN sees it as its responsibility to offer safe products, and whether digital security also falls under that:

KPN believes it is important to offer safe products and services for everyone and holds the privacy of its customers in high esteem. Specialized teams keep watch 24 hours a day, 7 days a week over our networks and systems, and the data of our customers.

In response to the question of why KPN had the previously mentioned HTC Desire 620 in its online store:

For iOS, software updates are centrally directed by Apple. Google’s Android is delivered to various smartphone manufacturers. Smartphone manufacturers then distribute the software (and the updates) to end users without any intervention by KPN. The responsibility for secure software therefore also lies with the smartphone manufacturer.

As soon as we receive the signal from the smartphone manufacturer that a smartphone or software version is not (or no longer) safe, we remove it from the range. That is not the case for this particular device. However, it is the case that smartphone manufacturers continue to distribute updates to end users of this specific device; as KPN, we have no part in that.

We ask the smartphone manufacturers whose products we sell to continue to actively support these products. We have therefore also put the question to HTC whether the device in question is still being provided with the latest security updates. Awaiting a response from HTC, we are not offering the device commercially for the time being.

In response to the question of whether KPN advises its customers about the risks of outdated software:

We recommend that customers always install the latest version of software. New updates are offered with some regularity, and they often include security updates. This way customers keep most internet threats outside the door. See also www.kpn.com/veilig (https://www.kpn.com/service/internet/veilig-internetten/veilig-online-op-je-smartphone.htm). We also offer KPN ToestelVeilig (https://www.kpn.com/mobiel/bundels/toestel-veilig.htm), with which users can protect and secure their smartphone. KPN ToestelVeilig is available for Android phones and has anti-virus functionality. With an All-in-1 and Internet subscription from KPN, ToestelVeilig is also free of charge for two devices (e.g. smartphone and tablet).
