Page 2 of 3 FirstFirst 1 2 3 LastLast
Results 16 to 30 of 36

Thread: Some ZTE Valet phones are vulnerable to Heartbleed bug

  1. #16
    Join Date
    Apr 2013
    Location
    U.S.A.
    Posts
    59
    Feedback Score
    0

    Spoke too soon...

    My request for a support ticket was handled by a know-nothing.

    Dear Valued Customer:

    Thank you for your interest in TracFone Wireless

    We are responding to your recent inquiry. It is needed to reset the phone as default settings, this is the only chance that we have to restore the functionality of your phone; and clear this bug called "Heartbleed".

    Please follow the steps below, and try again to use the phone. If the issue persists, we will need to send a replacement phone at no extra charge.
    Here's what I posted on the TF site:

    I've been trying to do as directed by the Tracfone CSRs in the Live Chats, but I've reached a dead end.

    The most recent Chat directed me to pursue getting a Support Ticket. I did as directed.

    The response I got (in very poor English) told me that it was necessary to reset the phone to fix the "Heartbleed" bug. Which, of course, is not going to help because it is a bug in Android 4.1.1.

    If the reset didn't fix it, I was to return the phone for replacement. Which, of course, won't help either.

    No support ticket.

    I know that this is a new problem and that Tracfone CSRs aren't getting any guidance on the issue. I know that getting this solved will take time for ZTE to apply the fix, test, and supply the update to TF. Perfectly reasonable.

    Why can't TF CSR management just allow CSRs to provide support tickets while the issue is being analyzed, escalated as required, and support instructions written for CSRs?
    I'm getting really, really tired of screwing around with this. My old TFMFL feature phone is looking better and better to me.

  2. #17
    Join Date
    Apr 2013
    Location
    U.S.A.
    Posts
    59
    Feedback Score
    0

    "Ars Technica" on the impact of the Heartbleed bug

    BTW, no Tracfone response to my last post on their forum. They don't seem to know what to do...

    ***

    Vicious Heartbleed bug bites millions of Android phones, other devices
    Not the exclusive province of servers, Heartbleed can hack end users too.
    ...
    Chief among vulnerable devices are those running Android. While exploiting vulnerable handsets often isn't as simple as attacking vulnerable servers, the risk is high enough that users should tightly curtail use of their Android devices until users are sure their handsets aren't susceptible, Lookout's Rogers advised.

    "If you have a vulnerable device and there's no fix available for you, I would be very cautious about using that device for sensitive data," he told Ars. "So I would be cautious about using it for banking or sending personal messages."
    http://arstechnica.com/security/2014...other-devices/

  3. #18
    Join Date
    Apr 2013
    Location
    U.S.A.
    Posts
    59
    Feedback Score
    0

    The Guardian: Heartbleed makes 50m Android phones vulnerable, data shows

    Heartbleed makes 50m Android phones vulnerable, data shows
    Devices running Android 4.1.1 could be exploited by 'reverse Heartbleed' to yield user data - including 4m in US alone.

    At least 4m Android smartphones in the US, and tens of millions worldwide, could be exploited by a version of the "Heartbleed" security flaw, data provided to the Guardian shows....

    Although the affected devices lie outside the 18-month window under which Google says devices are "traditionally" updated, the company said that "We have also already pushed a fix to manufacturers and operators." But it's unclear how quickly those will be implemented, if ever.

    More than 80% of people running Android 4.1.1 who have shared data with Lookout are affected, Marc Rogers, principal security researcher at the San Francisco-based company, told Bloomberg.

    http://www.theguardian.com/technolog...ble-data-shows
    BTW, it appears that dissatisfaction is fairly widespread over on the TF forum.

  4. #19
    Join Date
    Apr 2013
    Location
    U.S.A.
    Posts
    59
    Feedback Score
    0

    "All About Android" webcast addressed the Heartbleed bug

    I was unable to listen, but have downloaded the webcast.

    In case you are interested -- http://twit.tv/show/all-about-android/157

    You can watch directly or download video (several formats) or audio.

  5. #20
    Join Date
    Apr 2013
    Location
    U.S.A.
    Posts
    59
    Feedback Score
    0

    Cheap phones running old SW might be considered disposable

    In case anyone is still interested, Lifehacker published an article describing what a customer might expect with regard to updates.

    When Will My Phone Get a Software Update? -- http://lifehacker.com/when-will-my-p...ate-1563800999

    FTA --
    • Phones older than 18 months will get abandoned
    • Mid-range or low-end phones will get slower (or no) updates
    • Carriers make everything a crapshoot (Verizon is slow)

    Our ZTE Valets are, by their criteria, really in a gray area. They are new phones, at least for me. However, they are running a very old version of Android -- 4.1.1 was introduced July 23, 2012. The last 4.1 version was 4.1.2 introduced October 9, 2012.

    They are the lowest of the low priced smart phones.

    Should a possible ZTE patch require carrier approval, Verizon would have to be involved and approving a budget phone for a Verizon MVNO like Tracfone would not be a very high priority.

    This has been very educational for me. I mistakenly judged Android device updates by my 30 years of PC experience. I assumed that a critical security flaw would be fixed reasonably promptly. Wrong. (Told y'all that I was a smartphone NOOB.)

    • Android devices should be considered to have a useful life of 12 to 18 months, at least from a security patch concern.
    • Phones are riskier than tablets
    • Budget phones are much riskier than high end phones
    • MVNO phones are much riskier than major carrier phones

    So, if one really expects to get critical security patches reasonably promptly (or at all), one should use a computer rather than a tablet or a phone. Critical security patches for a cheap phone running an older version of Android, provided by an MVNO are a crap shoot at best.

    I just wish that ZTE and Tracfone would decide what, if anything, they are going to do and make an announcement. Being in limbo sucks.

  6. #21
    Join Date
    Apr 2014
    Posts
    11
    Carrier
    Verizon
    Feedback Score
    0

    Smile ZTE Release Update To Fix Heartbleed Bug

    ZTE has released an update to fix the heartbleed bug on their website.
    Link: http://www.zteusa.com/phones/zte-valet.html
    Click on Support
    Click on Software Updates
    Click on guide for installation instructions

    It does not update android version. Only fixes the bug.

    My build number went from TF_US_Z665CV1.0.0B12 to TF_US_Z665CV1.0.0B15

  7. #22
    Join Date
    Jul 2014
    Posts
    5
    Feedback Score
    0
    The update gives me this ominous warning. How easy is it to restore everything from Google and lookout backup?
    Name:  uploadfromtaptalk1406215368130.jpg
Views: 172
Size:  19.2 KB

  8. #23
    Join Date
    Nov 2013
    Posts
    31
    Feedback Score
    0
    I did the update yesterday, nothing but the heartbleed problem was changed. No data whatsoever was lost.

  9. #24
    Join Date
    Jul 2014
    Posts
    5
    Feedback Score
    0
    I attempted the update twice and the phone rebooted but then said installation aborted?

  10. #25
    Join Date
    Apr 2014
    Posts
    4
    Feedback Score
    0
    I just did the upgrade, and it went without a hitch. I downloaded a backup app and backed everything up (not realizing that it was being done automatically to my Google account--but I wouldn't know how to restore it in any case-maybe it will do it automatically from the "backup and restore" in the Settings???) but fortunately everything was there when the update was finished.

    I got the same new build number as Tensilver. I ran Bluebox Heartbleed Scanner again just for kicks and it said "This version of OpenSSL is vulnerable, but heartbeats are disabled so you're safe" in green type.....It also checked my apps and found none with OpenSSL. So I think it's good.

  11. #26
    Join Date
    May 2014
    Posts
    13
    Feedback Score
    0
    You guys realize that the heartbleed bug isn't actually anything you can fix right? Only website administrators can fix it by patching the bug. It doesn't matter what device you're using, the heartbleed bug is an issue on the actual handling of information between you and the site.

  12. #27
    Join Date
    Apr 2014
    Posts
    4
    Feedback Score
    0
    I don't think anybody thinks that the patch will "fix" the Valet. What I do think is that the patch has fixed the way my Valet talks to websites. The heartbleed bug affected OpenSSL for certain android devices, those running Android 4.1.1. The ZTE Valet runs that version. As I said above, I ran Bluebox Heartbleed Scanner after I did the upgrade. Afterwards I got the message "This version of OpenSSL is vulnerable, but heartbeats are disabled so you're safe". I deduce from that statement that when my Valet talks to any website, not just those that have patched the bug (if they were running the bad version of OpenSSL), it avoids the OpenSSL vulnerability. At least this is my understanding. I lag well behind the curve in being tech-savvy, but I am fairly confident that this upgrade has fixed the problem with my Valet.

  13. #28
    Join Date
    Nov 2011
    Posts
    988
    Feedback Score
    0
    Quote Originally Posted by mr potatoes View Post
    You guys realize that the heartbleed bug isn't actually anything you can fix right? Only website administrators can fix it by patching the bug. It doesn't matter what device you're using, the heartbleed bug is an issue on the actual handling of information between you and the site.
    http://www.symantec.com/connect/blog...nternet-things
    Our phones, tablets, etc are clients and we can/should fix them when/if there is an update available

    The server side has to be fixed by IT people working for the server owners.
    Last edited by tfusr19; 07-29-2014 at 02:33 PM.
    Cheers!

  14. #29
    Join Date
    Aug 2013
    Posts
    1,964
    Feedback Score
    0
    All Androids had the Heartbleed vulnerability, even ones running later Jelly Bean and KitKat (I think the latest updates fixed the vulnerability in kitkat, not sure). Another fun app which will report any apps you have which are vulnerable is the Blue Box Heartbleed Scanner (on Google play store).

  15. #30
    Join Date
    May 2005
    Location
    San Francisco
    Posts
    1,089
    Carriers
    PTel
    Feedback Score
    0
    Quote Originally Posted by futurephone View Post
    All Androids had the Heartbleed vulnerability, even ones running later Jelly Bean and KitKat (I think the latest updates fixed the vulnerability in kitkat, not sure). Another fun app which will report any apps you have which are vulnerable is the Blue Box Heartbleed Scanner (on Google play store).
    That's not true. According to Google only phones running Android 4.1.1 are vulnerable. See http://googleonlinesecurity.blogspot.com/2014/04/google-services-updated-to-address.html .
    My site: PrepaidPhoneNews.com My other sites: wapreview.com, boostapps.com

Page 2 of 3 FirstFirst 1 2 3 LastLast

Similar Threads

  1. Apps That Don't Work or Don't Work Well on the ZTE Valet Phone
    By StLouisMan2 in forum Other Manufacturers
    Replies: 0
    Last Post: 12-16-2013, 11:57 PM
  2. What are some gadget and phone magazines?
    By theantidote in forum The Lounge
    Replies: 16
    Last Post: 02-06-2005, 12:16 PM
  3. What are some good Sprint phones?
    By TazExprez in forum Sprint
    Replies: 39
    Last Post: 02-02-2005, 02:49 PM
  4. Replies: 3
    Last Post: 01-13-2004, 06:08 PM
  5. what are some other cell phone forums?
    By comptechgsr in forum General Mobile Questions and Discussion
    Replies: 12
    Last Post: 12-04-2002, 09:11 PM

Tags for this Thread

Bookmarks