Recent Blu Update Locks Users out of Their Phones (bleepingcomputer.com) 81
An Android update that Blu shipped to Blu One Life X2 smartphones yesterday, November 28, has locked people out of their phones. From a report: On forums, Reddit, and Blu's official Facebook page, users are complaining that after applying the update and rebooting the device, their phone won't recognize their password, PIN code, or pattern lock, even if users are 100% sure they are entering the correct data. Bleeping Computer has independently verified this bug. "I updated my BLU Life One X2 around 2 hours ago. It asks for a password in order to access Android," said one of the Blu users facing this problem. "I am completely locked out of my phone. Ever single password used is marked incorrect." After ten "failed" login attempts, the user's data is wiped from the device, according to the standard Android OS behavior.
Android more secure than macOS (Score:5, Funny)
we learned earlier today that you can spoof login to become root on macOS -- this android feature makes it much, much more secure than macOS - you cannot login as root (or anything else) :-).
Re: (Score:2, Insightful)
Re: (Score:2)
Re: (Score:1)
LA LA LA Android is perfect!!! Look over here see an unrelated problem on a different system. Man those guys suck!!!
Re: (Score:1)
LA LA LA Android is perfect!!! Look over here see an unrelated problem on a different system. Man those guys suck!!!
whoosh.
Re: (Score:2)
To be fair TFA does make it sound like Android is pretty secure. No-one can get into these phones.
Re: (Score:2)
Exactly what I was thinking -- if a backdoor were available, this wouldn't be such a problem for those involved lol.
Re: (Score:2)
Except for the fact that there is a 3rd party tool that can change your password on your device. So while you may not be able to get in the phone, the app maker may be able to.
The other side of that coin (Score:2)
Apple is once again a leader in usability!
Although your message is sadly dated, there's already an OSX patch out.
Re: (Score:2)
Apple is once again a leader in usability!
Although your message is sadly dated, there's already an OSX patch out.
Not to mention that Apple published a Knowledgebase Article pretty much instantly, telling Users how to stop the login vulnerability by assigning a password to root.
Re:What a Blu-per (Score:5, Insightful)
I'm surprised Blu is still around. Surely after the multiple spyware discoveries and all the other crap surrounding Blu, there isn't anyone left that doesn't know to avoid Blu.
Re: (Score:2)
The bottom line is that you can buy a pretty decent entry-level Blu android phone for about a hundred bucks.
The vast majority of the world has ZERO idea what goes on in tech news. They just walk into best buy, or browse amazon, and see what looks to be a pretty good phone for a relative bargain.
Re: (Score:2)
I'm surprised Blu is still around. Surely after the multiple spyware discoveries and all the other crap surrounding Blu, there isn't anyone left that doesn't know to avoid Blu.
To paraphrase something my Dad used to sing... "If I had a horse for every time Blu made me blue, I'd have a yard full of horse... shoes."
Your first mistake (Score:2)
Was thinking it was your phone. You paid the manufacturer for the right to carry it around, but they get to decide what software runs on it.
Re: (Score:1)
Or you could pretty easily install a custom ROM like LineageOS over the existing Android, thereby eliminating the ads and ensuring better security updates as well as not slowing down your device/locking out app updates as the device ages.
Re: (Score:2)
Apple: 1) Pressure users into iOS upgrades until the phone eventually becomes unusable. 2) Release a product where you cannot install extra storage or (easily) replace the battery. 3) Eliminate headphone jack. 4) Create walled garden where it's extremely difficult to copy anything you want on and off the device. 5) Require management via iTunes, which, on Windows, is a fetid pile of stinking dingoes' kidneys.
Android: All the fragmented spying versions, as you mention. Cur
Re: (Score:2)
Which is actually one of my biggest issues with Android -- it's too damned fragmented.
If you don't like variety then stick with only purchasing Nexus [wikipedia.org] devices. Google works directly with various vendors to make a device with a consistent experience. Pretend that the others variants of Android don't exist, this is something you can easily do as an end-user. (but not as an app developer)
Most of Android is Open Source, so you should not be surprised that every OEM gets to try something a little different. But because most customers upgrade phones regularly, there is not much incentive for the OE
Re: (Score:1)
How insightful. Do you have a macro set up to post this every single article?
Does Blu force the update on you?
Re: (Score:2)
Same old tired argument.
Re: (Score:2)
It's not so much an argument as an observation. I think the concept of property is changing in society, and primarily in favor of business rather than individuals.
Re: (Score:2)
Were you expecting to reboot and get a free bonus life?
I'm waiting for the hashtag #blulivesmatter
Fake News (Score:2)
Everybody knows that no phone manufacturer would ever actually do any software updates.
Ha ha. But seriously ... (Score:2)
Everybody knows that no phone manufacturer would ever actually do any software updates.
Ha ha. But seriously ...
Now you know one big reason WHY they don't like to push updates.
"It's working. Why risk bricking it? Especially since we'd brick ALL of 'em and incur enormous costs fixing the oopsie!"
Look at the bright side (Score:2)
Who knows, people might even discover this thing called 'outdoors' and become aware of what color the sky is.
Wiping after x failures (Score:2)
Why does anyone think this is a good idea?
Re: (Score:2)
My thought too. It strikes me as depending upon the thief, finder, or police inspector not knowing about that "feature", which makes it another "security by obscurity" method. And it shows a lack of confidence in encryption methods. If encryption works, then this wipe feature is at best useless, isn't it?
It enables toddlers to accidentally wipe your phone by imitating your use of the phone. Of course they could also drop your phone in the toilet. But this-- even the cat could wipe your phone. Howeve
Re: (Score:2)
I don't see that. The encryption "works" by limiting access to someone who knows your passphrase. If someone is allowed infinite time to brute force your passphrase then it's not the fault of encryption failing.
Re: (Score:2)
Then make it an increasing timer with each attempt, rather than a wipe after X attempts.
It will quickly result in the same thing for a stolen phone, but will give you a chance to save your phone before your 2 year old wipes all your data.
IMHO why not just progressively longer times? (Score:2)
IMHO a better approach might be to, after a few tries, have progressively longer times before another try is allowed.
With the right backoff algorithm you can allow only a finite. and reasonably small. number of tries even in infinite time. But the alternative of also shortening the interval with time when no attempts are being made can make it return to normal behavior after a reasonable time, even if it had been poked at for a long time (at the cost of allowing an arbitrary number of tries in infinite tim
BLU appears to be popular in Latin America (Score:5, Informative)
For those who don't know BLU, I had never heard of them either, so I assumed it is some sort of small Chinese OEM, but actually it seems BLU (Bold Like Us) phones are popular with the Latin population in the Americas. They have been known to to send data to China [cnet.com], so I guess their reputation is not top notch...
Re: (Score:2)
Blu are a US company that mostly releases clones of Chinese phones (i.e. keeps the hardware and Anglicises/Blu-brands the software - but there's still "Chinglish" to be found in the UI in a few places!). They seem to exclusively sell on Amazon from what I can see and some models have limited release w.r.t. which countries (i.e. which Amazon country store) you can buy them from. My Blu Vivo 6 was exclusively on Amazon UK, but the "successor" - the Blu Vivo 8 - seems to only be on Amazon US for example.
As you
Re: (Score:1)
Not sure I trust their MIUI ROM with my data.
Re: (Score:2)
Re: (Score:2)
If you've lost physical posession of the phone you're already toast. As a security feature they just assume that if you can't get the password within 10 tries you're not the actual owner and it's best for the phone to wipe itself rather than site their waiting for them to brute-force it.
Also for most of your stuff it's backing up to the cloud anyways so if your phone erases itself you just get a new one, enter your Google account, and it's all still there anyways.
Re: (Score:2)
Also for most of your stuff it's backing up to the cloud anyways so if your phone erases itself you just get a new one, enter your Google account, and it's all still there anyways.
Assuming you allow such backup, which also makes all your data available to Google and any state actor (or other party) that can coerce them.
How BLU Turned on its user base. (Score:5, Informative)
BLU Started out to be one of the GSM Good Guys. They offered a MediaTek based, inexpensive, near Stock Android experience I own two BLU Studio 5.0C devices, and two BLU R1 HD. They didn't have locked bootloaders. They supported proper FastBoot and Recovery. Most applications were not installed in the system parition. Root was easy.
Then you found out that BLU either couldn't, or wouldn't update the version of Android on their devices, instead they would patch KitKat or Lollipop against whatever vulnerabilities they have. This was because their MediaTek Drivers made updatng the roms very likely to break things. Then, after a few years, they started dropping support for devices entirely.
Then came things like the Sponsorship deals with Amazon to put Ads on lock screens... and this started with the R1 HD... and... oh boy... here we go. Here came the locked bootloaders. Here came the Amazon Preloads of whatever App they had. When people started rooting them to get rid of that garbage, they responded by altering their Preloaders to patch out Fast Boot Access, and disable SP Flash tools. By this time there were TWRP recoveries, Alternate Stock roms, and LineageOS Builds.
They not only disabled SP Flash Tools for their Amazon suppoerted models, but every model post the R1 HD that wasn't Ad supported.
The last straw for me was the ADUPS Debacle, and the MTK Logger vulnerability, and I promise you, I will not buy another device from BLU.
this is sad, because I have a BLU and like it... (Score:2)
I have the Life One X, and I got it because of all of the good reasons you stated. Dual-SIM, good features, mostly stock, unlocked, and $150. So I got one for myself and for my wife. It came with Lollipop, and I thought it would never get udpated... but it did! They updated it to Marshmallow earlier this year. I was shocked and happy. I sung the praises of BLU.
Then the spying came out.... and I was nervous, but my phone wasn't affected. My wife cracked the screen on hers, and we just couldn't go wit
Who needs testing.... (Score:2)
Real men just change the program code, of course it will work as intended!
IOS did that same thing to me (Score:1)
Doh! (Score:2)
All those cheapskates saving ten cents a day by getting some mid-range Android phone instead of an iPhone must be really regretting their decision right now.
Re: (Score:1)
BLU $180 (if I'm spendy), free decent case, 18 month life
iPhone, $600, $60 for a bulky case, 3 years life maybe, Though by the end, my 18 month BLU is gonna be a better phone.
At best that's $0.30/day, and a huge bulky phone, double lose.
BLU quality (Score:2)
Re: (Score:2)
walmart, bestbuy and others carry them. (in the stores, not just online).
https://www.walmart.com/search... [walmart.com]
Re: (Score:2)
Headline should be Major shock: Blu updates exist (Score:3)
I've had a Blu Vivo 6 for a fraction over a year now (bought on Black Friday 2016 - its actual release day here in the UK) and there's not been a *single* update for it (not even a minor one). So it's stuck on Android 6.0 and an Android security patch level from way back in September 2016! Looking at Blu's Facebook/Twitter, it's full of people with Blu phones begging for any sort of updates...and getting right royally fobbed off by Blu staff every time ("we're working on it", "it's coming soon"...for a full year?!). It seems Blu just abandon a phone on launch and release its successor 6-12 months later with the updates instead (yep, there's a Blu Vivo 8 with Android 7 available in the US now, but the specs aren't that much better than the Vivo 6).
This annoyed me so much, I've just bought a Umidigi Z1 (more RAM, faster CPU/GPU, Android 7, dual rear cameras, multiple updates this year, costs 50 pounds less) to replace it. A shame really, because the Vivo 6 is actually a nice phone - if it had gone to Android 7 like the Vivo 8 has, I'd have kept it for much longer.
My BLU hasn't patched KRACK yet (Score:2)
I'm still waiting for BLU to patch the KRACK vulnerability on my phone.
I got a BLU Advance phone [amazon.com] for $75 on Amazon. Nice phone, dual SIM, 5.5", 64GB SD card expansion, Android Marshmallow. This just this past summer (just before Amazon took them off the market for leaking data to China).
For the longest time, it bugg
trivial to solve (Score:2)
Until then, the CHinese gov owns you.
Blu dumbphones... (Score:2)
Blu also makes a line of candybar (non-flip, with keypad) dumbphones. The Zoey 3G goes for about $30. They're decent if you want a device to just talk and text on, and work with networks that dropped 2G coverage like AT&T. They don't have the creepy telemetry of smartphones today, they're not smart enough.
Their only problem is lack of predictive text.
Re: (Score:2)