All the manufacturers are currently rolling out the BlueBorne vulnerability patch. According to sources and the security researchers at Armis Labs, it currently affects over 5.3 billion devices across the globe. BlueBorne spreads through Bluetooth on many operating systems, including Android, Windows, Linux, and iOS. A hacker can connect to a device if its Bluetooth is turned on and use BlueBorne to plant malware on the device. The malware remains undetected by the user. The attack can connect, take control, and spread the malware to every other Bluetooth device, all with the user being unaware. So today, Samsung has decided to release the BlueBorne vulnerability patch for its Galaxy S8 and S8+ devices.
Here is an explanation of how the BlueBorne vulnerability works:
Even though Samsung has termed the latest OTA update for the S8/S8+ the September update, it is actually the August 2017 Security Patch. It does not include the September 2017 security patch level that Google released earlier this month. The AOSP source repository has now been updated, and manufacturers and custom ROM developers can make use of it. Earlier, Paranoid Android released v7.3.0 with the BlueBorne vulnerability fix.
Here is the demo of how the BlueBorne malware affects Android:
The latest OTA update for the S8 and S8+ comes with new firmware build numbers G950FXXU1AQI7 and G955FXXU1AQI7 for models SM-G950F/FD and SM-G955F/FD, respectively. However, it is still based on Android 7.0 Nougat with Samsung Experience 8.1. It does not include the latest September security patch. This could be because Samsung started working on patching this critical vulnerability first.
Another reason could be that Samsung is looking forward to the Android 8.0 Oreo beta program for the S8 and S8 Plus.
In order to benefit from the latest security feature, you can head over to this Samsung Firmware post which will help you download the full stock firmware file directly from Samsung servers. Alternatively, you can capture OTA updates by going to Settings > Software update > Download updates manually.
Once upgraded, you can check the BlueBorne vulnerability fix using the Armis Security Android app called ‘BlueBorne Vulnerability Scanner by Armis’.