Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Android Google

Recent Blu Update Locks Users out of Their Phones (bleepingcomputer.com) 81

An Android update that Blu shipped to Blu One Life X2 smartphones yesterday, November 28, has locked people out of their phones. From a report: On forums, Reddit, and Blu's official Facebook page, users are complaining that after applying the update and rebooting the device, their phone won't recognize their password, PIN code, or pattern lock, even if users are 100% sure they are entering the correct data. Bleeping Computer has independently verified this bug. "I updated my BLU Life One X2 around 2 hours ago. It asks for a password in order to access Android," said one of the Blu users facing this problem. "I am completely locked out of my phone. Ever single password used is marked incorrect." After ten "failed" login attempts, the user's data is wiped from the device, according to the standard Android OS behavior.
This discussion has been archived. No new comments can be posted.

Recent Blu Update Locks Users out of Their Phones

Comments Filter:
  • by Alain Williams ( 2972 ) <addw@phcomp.co.uk> on Wednesday November 29, 2017 @11:32AM (#55643637) Homepage

    we learned earlier today that you can spoof login to become root on macOS -- this android feature makes it much, much more secure than macOS - you cannot login as root (or anything else) :-).

    • LA LA LA Android is perfect!!! Look over here see an unrelated problem on a different system. Man those guys suck!!!

      • by Anonymous Coward

        LA LA LA Android is perfect!!! Look over here see an unrelated problem on a different system. Man those guys suck!!!


      • by AmiMoJo ( 196126 )

        To be fair TFA does make it sound like Android is pretty secure. No-one can get into these phones.

        • Exactly what I was thinking -- if a backdoor were available, this wouldn't be such a problem for those involved lol.

        • Except for the fact that there is a 3rd party tool that can change your password on your device. So while you may not be able to get in the phone, the app maker may be able to.

    • Apple is once again a leader in usability!

      Although your message is sadly dated, there's already an OSX patch out.

      • Apple is once again a leader in usability!

        Although your message is sadly dated, there's already an OSX patch out.

        Not to mention that Apple published a Knowledgebase Article pretty much instantly, telling Users how to stop the login vulnerability by assigning a password to root.

  • Was thinking it was your phone. You paid the manufacturer for the right to carry it around, but they get to decide what software runs on it.

    • How insightful. Do you have a macro set up to post this every single article?

      Does Blu force the update on you?

    • Same old tired argument.

      • It's not so much an argument as an observation. I think the concept of property is changing in society, and primarily in favor of business rather than individuals.

  • Everybody knows that no phone manufacturer would ever actually do any software updates.

    • Everybody knows that no phone manufacturer would ever actually do any software updates.

      Ha ha. But seriously ...

      Now you know one big reason WHY they don't like to push updates.

      "It's working. Why risk bricking it? Especially since we'd brick ALL of 'em and incur enormous costs fixing the oopsie!"

  • Locking people out of their smart phones might reduce people walking with their face glued to the tiny screen. Especially in crosswalks or near construction zones. It is even possible that people driving will stop looking at a phone that they are locked out of. Maybe not, but possibly.

    Who knows, people might even discover this thing called 'outdoors' and become aware of what color the sky is.
  • Why does anyone think this is a good idea?

    • My thought too. It strikes me as depending upon the thief, finder, or police inspector not knowing about that "feature", which makes it another "security by obscurity" method. And it shows a lack of confidence in encryption methods. If encryption works, then this wipe feature is at best useless, isn't it?

      It enables toddlers to accidentally wipe your phone by imitating your use of the phone. Of course they could also drop your phone in the toilet. But this-- even the cat could wipe your phone. Howeve

      • I don't see that. The encryption "works" by limiting access to someone who knows your passphrase. If someone is allowed infinite time to brute force your passphrase then it's not the fault of encryption failing.

        • by green1 ( 322787 )

          Then make it an increasing timer with each attempt, rather than a wipe after X attempts.
          It will quickly result in the same thing for a stolen phone, but will give you a chance to save your phone before your 2 year old wipes all your data.

      • IMHO a better approach might be to, after a few tries, have progressively longer times before another try is allowed.

        With the right backoff algorithm you can allow only a finite. and reasonably small. number of tries even in infinite time. But the alternative of also shortening the interval with time when no attempts are being made can make it return to normal behavior after a reasonable time, even if it had been poked at for a long time (at the cost of allowing an arbitrary number of tries in infinite tim

  • by Ecuador ( 740021 ) on Wednesday November 29, 2017 @11:53AM (#55643755) Homepage

    For those who don't know BLU, I had never heard of them either, so I assumed it is some sort of small Chinese OEM, but actually it seems BLU (Bold Like Us) phones are popular with the Latin population in the Americas. They have been known to to send data to China [cnet.com], so I guess their reputation is not top notch...

    • by rklrkl ( 554527 )

      Blu are a US company that mostly releases clones of Chinese phones (i.e. keeps the hardware and Anglicises/Blu-brands the software - but there's still "Chinglish" to be found in the UI in a few places!). They seem to exclusively sell on Amazon from what I can see and some models have limited release w.r.t. which countries (i.e. which Amazon country store) you can buy them from. My Blu Vivo 6 was exclusively on Amazon UK, but the "successor" - the Blu Vivo 8 - seems to only be on Amazon US for example.

      As you

  • by Zombie Ryushu ( 803103 ) on Wednesday November 29, 2017 @12:06PM (#55643849)

    BLU Started out to be one of the GSM Good Guys. They offered a MediaTek based, inexpensive, near Stock Android experience I own two BLU Studio 5.0C devices, and two BLU R1 HD. They didn't have locked bootloaders. They supported proper FastBoot and Recovery. Most applications were not installed in the system parition. Root was easy.

    Then you found out that BLU either couldn't, or wouldn't update the version of Android on their devices, instead they would patch KitKat or Lollipop against whatever vulnerabilities they have. This was because their MediaTek Drivers made updatng the roms very likely to break things. Then, after a few years, they started dropping support for devices entirely.

    Then came things like the Sponsorship deals with Amazon to put Ads on lock screens... and this started with the R1 HD... and... oh boy... here we go. Here came the locked bootloaders. Here came the Amazon Preloads of whatever App they had. When people started rooting them to get rid of that garbage, they responded by altering their Preloaders to patch out Fast Boot Access, and disable SP Flash tools. By this time there were TWRP recoveries, Alternate Stock roms, and LineageOS Builds.

    They not only disabled SP Flash Tools for their Amazon suppoerted models, but every model post the R1 HD that wasn't Ad supported.

    The last straw for me was the ADUPS Debacle, and the MTK Logger vulnerability, and I promise you, I will not buy another device from BLU.

    • I have the Life One X, and I got it because of all of the good reasons you stated. Dual-SIM, good features, mostly stock, unlocked, and $150. So I got one for myself and for my wife. It came with Lollipop, and I thought it would never get udpated... but it did! They updated it to Marshmallow earlier this year. I was shocked and happy. I sung the praises of BLU.

      Then the spying came out.... and I was nervous, but my phone wasn't affected. My wife cracked the screen on hers, and we just couldn't go wit

  • Real men just change the program code, of course it will work as intended!

  • Well not exactly the same thing, but close enough. One day out of the blue my iPhone asks for a 6 digit PIN where it was previously configured with a 4 digit PIN. Wipe / reset / total loss. I'm happy to be back on Android but I will say the IOS experience wasn't near as painful as I expected once I got used to not having an app drawer.
  • All those cheapskates saving ten cents a day by getting some mid-range Android phone instead of an iPhone must be really regretting their decision right now.

    • by AvitarX ( 172628 )

      BLU $180 (if I'm spendy), free decent case, 18 month life
      iPhone, $600, $60 for a bulky case, 3 years life maybe, Though by the end, my 18 month BLU is gonna be a better phone.

      At best that's $0.30/day, and a huge bulky phone, double lose.

  • This isn't good. Thankfully my Blu R1 plus is not affected. Of course, people will bash them for this and other things but there is no other phone of this quality out there for $160. I'm very happy with it.
  • by rklrkl ( 554527 ) on Wednesday November 29, 2017 @05:14PM (#55646159) Homepage

    I've had a Blu Vivo 6 for a fraction over a year now (bought on Black Friday 2016 - its actual release day here in the UK) and there's not been a *single* update for it (not even a minor one). So it's stuck on Android 6.0 and an Android security patch level from way back in September 2016! Looking at Blu's Facebook/Twitter, it's full of people with Blu phones begging for any sort of updates...and getting right royally fobbed off by Blu staff every time ("we're working on it", "it's coming soon"...for a full year?!). It seems Blu just abandon a phone on launch and release its successor 6-12 months later with the updates instead (yep, there's a Blu Vivo 8 with Android 7 available in the US now, but the specs aren't that much better than the Vivo 6).

    This annoyed me so much, I've just bought a Umidigi Z1 (more RAM, faster CPU/GPU, Android 7, dual rear cameras, multiple updates this year, costs 50 pounds less) to replace it. A shame really, because the Vivo 6 is actually a nice phone - if it had gone to Android 7 like the Vivo 8 has, I'd have kept it for much longer.

    • I've had a Blu Vivo 6 for a fraction over a year now (bought on Black Friday 2016 - its actual release day here in the UK) and there's not been a *single* update for it (not even a minor one).

      I'm still waiting for BLU to patch the KRACK vulnerability on my phone.

      I got a BLU Advance phone [amazon.com] for $75 on Amazon. Nice phone, dual SIM, 5.5", 64GB SD card expansion, Android Marshmallow. This just this past summer (just before Amazon took them off the market for leaking data to China).

      For the longest time, it bugg

  • Send $5000 in bitcoin to china and they will unlock it.
    Until then, the CHinese gov owns you.
  • Blu also makes a line of candybar (non-flip, with keypad) dumbphones. The Zoey 3G goes for about $30. They're decent if you want a device to just talk and text on, and work with networks that dropped 2G coverage like AT&T. They don't have the creepy telemetry of smartphones today, they're not smart enough.

      Their only problem is lack of predictive text.

  • Bomb, Live Unit [slashdot.org]. Looks like it just went off.

In seeking the unattainable, simplicity only gets in the way. -- Epigrams in Programming, ACM SIGPLAN Sept. 1982